BuddyPress 2.3.5 Patches Privilege Escalation Issue

BuddyPress 2.3.5 is available and patches a security vulnerability that may allow privilege escalation for logged-in users. BuddyPress 2.3.4 and previous versions are affected; however, versions 2.0.4, 2.1.2, and 2.2.4 include the patch.

According to the BuddyPress development team, there is no evidence that the bug has been exploited in the wild. If your WordPress site supports automatic updates to point releases, it will likely be updated by the time you read this post.

Slava Abakumov discovered the vulnerability and responsibly disclosed it to the development team. If you run into any issues with the update, you’re encouraged to post on the BuddyPress support forums.


One response to “BuddyPress 2.3.5 Patches Privilege Escalation Issue”

  1. Hot Tip! Thanks Jeff.

    Looks like BP just released another version: 2.4.0 – 20 minutes ago.
