
BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross-Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross-Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.

Source: WordPress
