
BuddyPress: BuddyPress 2.8.2 Security Release

10/03/2017 | October 24th, 2017

BuddyPress 2.8.2 is now available. This is a security release. We strongly encourage all BuddyPress sites to upgrade as soon as possible.

BuddyPress 2.8.1 and earlier versions were affected by the following three security issues:

  1. Cross-site request forgery (CSRF) in the XProfile administration Dashboard panel.
  2. Cross-site request forgery (CSRF) in a number of user-facing AJAX endpoints.
  3. Cross-site request forgery (CSRF) when dismissing a pending email change.

These vulnerabilities were reported privately by Ronnie Skansing. Our thanks to Ronnie for reporting security issues in accordance with WordPress’s security policies.



Source: WordPress
