Get articles in your inbox!Subscribe

BuddyPress 4.2.0 Maintenance and Security Release

Site Index

This site uses affiliate links as a means of monetization.

BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 4.2.0 release addresses two security issues:

  • A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private messages. Discovered and reported independently by Kieran Munday and Tim Coen.
  • A privilege escalation vulnerability was fixed that could allow users to reply to unauthorized private message threads. Discovered by Kieran Munday.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.

BuddyPress 4.2.0 also fixes 4 bugs. For complete details, visit the 4.2.0 changelog.

CMS & Marketing / BuddyPress 4.2.0 Maintenance and Security ReleaseLast updated on May 8, 2019
Save Your Favorite Articles!
Create an account and save articles

Site Index