+44 0330 223 3428
Call Us
+44 0330 223 3428

BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.



Source: WordPress

Related Post
Post Status: Why the makers of Ninja Forms are getting into eCommerce

Post Status: Why the makers of Ninja Forms are getting into eCommerce Welcome to the Post Status Draft podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Brian Krogsgard and co-host Brian Richards. In this episode, I bring on James Laws […]

Read more
WPTavern: WordPress 4.9.8 Will Significantly Reduce Memory Leak

WPTavern: WordPress 4.9.8 Will Significantly Reduce Memory Leak WordPress 4.9.8 Beta two recently shipped and although much of the focus will be on the “Try Gutenberg” call-out, there’s a patch included that addresses a memory leak that was quite a problem for some users. When WordPress 4.9.7 shipped, the WordPress.org support forums saw an increase in […]

Read more
Donncha: WP Super Cache and Cookie Banners

Donncha: WP Super Cache and Cookie Banners More sites use cookie banners now that the GDPR is active but some are finding that their banners are misbehaving once they enable caching. This is a similar issue to the one that happened to some page counter plugins in the past. The page counter wouldn’t increment. When […]

Read more