Skip to:
Content
Pages
Categories
Search
Top
Bottom

BuddyPress 12.4.1 Security Release

Published on May 1st, 2024 by Mathieu Viet

BuddyPress 12.4.1 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible. The 12.4.1 release addresses the following security issue: This vulnerability was impacting BuddyPress branches from 9.0 to 12.0. It was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the […]

BuddyPress 11.3.2 Security Release

Published on October 17th, 2023 by Mathieu Viet

BuddyPress 11.3.2 is now available. This is a security release. All BuddyPress installations should be updated as soon as possible. The 11.3.2 release addresses the following security issue: This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure. For complete details, visit […]

BuddyPress 11.3.1 Security & Maintenance release

Published on August 24th, 2023 by Mathieu Viet

BuddyPress 11.3.1 is now available. This is a security and maintenance release. All BuddyPress installations should be updated as soon as possible. The 11.3.1 release addresses the following security issue: This vulnerability was reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporter for practicing coordinated disclosure. BuddyPress 11.3.1 […]

BuddyPress 9.1.1 Security and Maintenance Release

Published on August 18th, 2021 by Mathieu Viet

BuddyPress 9.1.1 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 9.1.1 release addresses three security issues: The activation key was included into the responses of the create_item method of BP REST API Signup controller. Discovered by Brajesh Singh. An SQL Injection […]

BuddyPress 7.3.0 Maintenance & Security Release

Published on April 14th, 2021 by Mathieu Viet

BuddyPress 7.3.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 7.3.0 release addresses four security issues: A vulnerability was fixed that could allow a member to create a group on behalf of another member via a REST API endpoint. A vulnerability […]

BuddyPress 7.2.1 Security Release

Published on March 16th, 2021 by Mathieu Viet

BuddyPress 7.2.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 7.2.1 release addresses 5 security issues which were reported privately to the BuddyPress team by Kien Hoang, in accordance with WordPress’s security policies: A vulnerability was fixed that could allow a privilege escalation from […]

BuddyPress 6.4.0 Maintenance and Security Release

Published on November 27th, 2020 by Mathieu Viet

BuddyPress 6.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 6.4.0 release addresses one security issue: non-capable users could add a style attributes to “span” and “p” elements in possible rich text fields of their profile page. The vulnerability has been […]

BuddyPress 5.1.2 Security Release

Published on January 3rd, 2020 by Boone Gorges

BuddyPress 5.1.2 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.2 release addresses one security issue: Certain REST API requests could result in the exposure of private data. Discovered and reported independently by Petter Walbø Johnsgård and Jacek Suski. The vulnerability was […]

BuddyPress 5.1.1 Security Release

Published on December 23rd, 2019 by Mathieu Viet

BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.1 release addresses one security issue: A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder. Discovered by nomnom. […]

BuddyPress 2.9.3 Security and Maintenance Release

Published on January 26th, 2018 by Boone Gorges

BuddyPress 2.9.3 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.3 release addresses two security issues: A dynamic template loading feature could be used in some cases for unauthorized file execution and directory traversal. Reported by James Golovich. Some permissions […]

Skip to toolbar