BuddyPress 2.8.2 – Important Security release

The BuddyPress 2.8.2 update has just been made available for download.

This is a security release and we strongly encourage all BuddyPress sites to upgrade as soon as possible.

BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:

  1. Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
  2. Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
  3. Cross-site request forgery (CSRF) when dismissing a pending email change.

These vulnerabilities were reported privately by Ronnie Skansing.

Ronnie responsibly and privately disclosed the security problem he found to the WordPress core development team before publicising it, so that a fix could be prepared and damage from the vulnerability minimized.

Any themes that implement BuddyPress templates should update their files, which include buddypress.js and buddypress-functions.php.

