BuddyPress 2.3.5 is available and patches a security vulnerability that may allow privilege escalation for logged-in users. BuddyPress 2.3.4 and previous versions are affected; however, versions 2.0.4, 2.1.2, and 2.2.4 include the patch.
According to the BuddyPress development team, there is no evidence that the bug has been exploited in the wild. If your WordPress site supports automatic updates to point releases, it will likely be updated by the time you read this post.
Slava Abakumov discovered the vulnerability and responsibly disclosed it to the development team. If you run into any issues with the update, you’re encouraged to post on the BuddyPress support forums.
Hot Tip! Thanks Jeff.
Looks like BP just released another version: 2.4.0 – 20 minutes ago.