John James Jacoby, lead developer of bbPress, has released bbPress 2.5.9 to patch a security vulnerability, “bbPress 2.5.8 and below are susceptible to a cross-site-scripting vulnerability that’s due to the way users are linked to their profiles when they are mentioned in topics and replies,” Jacoby said. Marc-Alexandre Montpas is credited for responsibly disclosing the…
BuddyPress 2.3.5 is available and patches a security vulnerability that may allow privilege escalation for logged-in users. BuddyPress 2.3.4 and previous versions are affected however, versions 2.0.4, 2.1.2, and 2.2.4 include the patch. According to the BuddyPress development team, there is no evidence that the bug has been exploited in the wild. If your WordPress…
I have no idea what it feels like to get a patch committed into WordPress where millions will take advantage of it but it has to feel pretty darn good. At least that’s what it seems like according to Coen Jacobs who recently had his first patch added to the core of WordPress. Congrats Coen.…