BuddyPress: BuddyPress 2.9.2 Security and Maintenance Release

BuddyPress 2.9.2 is now available. This is a security and maintenance release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

The 2.9.2 release addresses five security issues:

  • A Cross Site Request Forgery (CSRF) vulnerability was fixed in the interface used by admins to perform certain actions related to sitewide notices. Reported by J.D. Grimes.
  • Some uses of serialized data were judged to need hardening. Reported by John James Jacoby of the BuddyPress security team.
  • An open redirect was fixed on the user edit screens. Reported by Yasin Soliman (ysx).
  • An unauthorized information disclosure vulnerability was fixed in an AJAX handler. Reported by J.D. Grimes.
  • A Cross Site Scripting (XSS) vulnerability was fixed in the avatar upload interface. Reported by Ronnie Skansing.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to all reporters for practicing coordinated disclosure.

In addition, 2.9.2 includes a change that improves compatibility with the upcoming WordPress 4.9 release, by removing the call to a newly deprecated hook.



Source: WordPress
