BuddyPress 4.4.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 4.4.0 release addresses two security issues:
- A privilege escalation vulnerability was fixed that could allow a user who is not friends with another user to send that user a group invite, even though the recipient has chosen to restrict group invites to friends only. (This is specific to the BP Nouveau template.) Discovered by Yuvraj Dighe.
- An XSS vulnerability was fixed in the single Group’s RSS link meta for group names. Discovered by wxy7174.
These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 4.4.0 also fixes 2 bugs. For complete details, visit the 4.4.0 changelog.