+44 0330 223 3428
Call Us
+44 0330 223 3428

BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.



Source: WordPress

Related Post
WPTavern: WordPress 5.0.2 to Bring Major Performance Improvements, Scheduled for December 19

WPTavern: WordPress 5.0.2 to Bring Major Performance Improvements, Scheduled for December 19 Processed with VSCOcam with c1 preset WordPress 5.0.1 was released yesterday as a security release with fixes for seven vulnerabilities that were privately disclosed. It includes a few breaks in backwards compatibility that plugin developers will want to review. WordPress 5.0.2 will be […]

Read more
WPTavern: WPWeekly Episode 341 – Recap of WordCamp US 2018

WPTavern: WPWeekly Episode 341 – Recap of WordCamp US 2018 In this episode, John James Jacoby and I recap WordCamp US 2018. We discuss what’s new in WordPress 5.0.1 and when users can expect to see 5.0.2. We also chat about the new path that WordPress is on and where it may lead. John shares […]

Read more
WPTavern: WordCamp US 2019 to be Held November 1-3 in St. Louis

WPTavern: WordCamp US 2019 to be Held November 1-3 in St. Louis photo credit: Wikimedia Commons Dates for WordCamp US 2019 were announced today, less than a week after wrapping up a successful camp in Nashville. Unlike all previous years held in December, next year’s event will take place November 1-3 in St. Louis, Missouri. […]

Read more