Skip to:
Content
Pages
Categories
Search
Top
Bottom

BuddyPress 5.1.1 Security Release

Published on December 23rd, 2019 by Mathieu Viet

BuddyPress 5.1.1 is now available. This is a security release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. The 5.1.1 release addresses one security issue: A denied of service was fixed that could allow a logged in user to remove another user’s avatar and also any empty folder. Discovered by nomnom. […]

BuddyPress 2.9.3 Security and Maintenance Release

Published on January 26th, 2018 by Boone Gorges

BuddyPress 2.9.3 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.3 release addresses two security issues: A dynamic template loading feature could be used in some cases for unauthorized file execution and directory traversal. Reported by James Golovich. Some permissions […]

BuddyPress 2.9.2 Security and Maintenance Release

Published on November 2nd, 2017 by Boone Gorges

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible. The 2.9.2 release addresses five security issues: A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported […]

BuddyPress 2.7.4 – Security Release

Published on December 23rd, 2016 by John James Jacoby

BuddyPress 2.7.4 is now available, and is a security release & recommended upgrade for all BuddyPress installations. We’ve also ported the code changes in 2.7.4 to all branches back 2.0, and are pushing updates out for all installations where we are able to do so. These releases include a fix to the BuddyPress core attachments API that could allow […]

BuddyPress 2.4.2

Published on December 3rd, 2015 by Paul Wong-Gibbs

BuddyPress 2.4.2 is now available. This is an maintenance and security release, and all BuddyPress installations are recommended to upgrade as soon as possible. An XSS vulnerability in the Groups component was discovered, which affected the Groups administration screen inside the wp-admin area. We thank Krzysztof Katowicz-Kowalewski (vnd) for responsibly disclosing this issue to the […]

BuddyPress 2.3.5

Published on November 11th, 2015 by Boone Gorges

BuddyPress 2.3.5 is now available. This is a security release for all previous versions. All BuddyPress installations are strongly encouraged to upgrade immediately. BuddyPress versions 2.3.4 and earlier are subject to a vulnerability that may allow privilege escalation for logged-in users. We have no evidence that this bug has ever been exploited in the wild, […]

BuddyPress 1.7.3

Published on July 10th, 2013 by Boone Gorges

BuddyPress 1.7.3 is now available. This is a security and maintenance release, and we urge all installations running BP 1.5 or later to upgrade immediately. Version 1.7.3 includes fixes for the following: A cross-site scripting vulnerability in the way that success/error messages are stored and then displayed A bug that caused Set-Cookie headers to be […]

BuddyPress Updated to 1.1.2

Published on October 26th, 2009 by Andy Peatling

BuddyPress 1.1.2 is now available via an automatic upgrade or manual download. This is an important security release and fixes two vulnerabilities found in version 1.1.1. To stay protected it is essential that you upgrade to this version of BuddyPress regardless of the version you are currently running. For a full list of fixes and […]

Skip to toolbar