
BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.



Source: WordPress
