BuddyPress: BuddyPress 4.2.0 Maintenance and Security Release

BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 4.2.0 release addresses two security issues:

  • A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private messages. Discovered and reported independently by Kieran Munday and Tim Coen.
  • A privilege escalation vulnerability was fixed that could allow users to reply to unauthorized private message threads. Discovered by Kieran Munday.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.

BuddyPress 4.2.0 also fixes 4 bugs. For complete details, visit the 4.2.0 changelog.


Source: WordPress
