1. News

BuddyPress 2.8.2 – Important Security release

Written by Posted on Less than 0 min read

BuddyPress 2.8.2 update has just been made available for download.

This is a security release and we strongly encourage all BuddyPress sites to upgrade as soon as possible.

BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:

  1. Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
  2. Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
  3. Cross-site request forgery (CSRF) when dismissing a pending email change.

These vulnerabilities were reported privately by Ronnie Skansing.

Ronnie responsibly and privately disclosed to the WordPress core development team, the found security problem before publicising, so a fix could be prepared, and damage from the vulnerability minimized.

Any themes implementing BuddyPress templates should update its files which include buddypress.js and buddypress-functions.php

 

BuddyPress 2.8.2 Security Release

 

Member since
Web developer and photography fan. Great experience with WordPress for more than 7 years.

More from Gabriel

Next
No Comments
Leave a comment Cancel
Comments to: BuddyPress 2.8.2 – Important Security release

    Your email address will not be published. Required fields are marked *

    Attach images - Only PNG, JPG, JPEG and GIF are supported.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.