Last Updated: 10th Mar 2017
BuddyPress: BuddyPress 2.8.2 Security Release
BuddyPress 2.8.2 is now available. This is a security release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.
BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:
- Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
- Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
- Cross-site request forgery (CSRF) when dismissing a pending email change.