BuddyPress 2.8.2 – Important Security release

The BuddyPress 2.8.2 update has just been made available for download.

This is a security release and we strongly encourage all BuddyPress sites to upgrade as soon as possible.

BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:

  1. Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
  2. Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
  3. Cross-site request forgery (CSRF) when dismissing a pending email change.

These vulnerabilities were reported privately by Ronnie Skansing.

Ronnie responsibly and privately disclosed the discovered security problem to the WordPress core development team before publicising it, so that a fix could be prepared and damage from the vulnerability minimized.

Any themes implementing BuddyPress templates should update their files, including buddypress.js and buddypress-functions.php.
