BuddyPress: BuddyPress 2.8.2 Security Release

BuddyPress 2.8.2 is now available. This is a security release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:

  1. Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
  2. Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
  3. Cross-site request forgery (CSRF) when dismissing a pending email change.

These vulnerabilities were reported privately by Ronnie Skansing. Our thanks to Ronnie for reporting security issues in accordance with WordPress’s security policies.



Source: WordPress
