BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 4.2.0 release addresses two security issues:
<ul>
<li>A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private messages. Discovered and reported independently by <a href="http://www.klmunday.com/">Kieran Munday</a> and <a href="https://security-consulting.icu/">Tim Coen</a>.</li>
<li>A privilege escalation vulnerability was fixed that could allow users to reply to unauthorized private message threads. Discovered by <a href="http://www.klmunday.com/">Kieran Munday.</a></li>
</ul>
These vulnerabilities were reported privately to the BuddyPress team, in accordance with <a href="https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/">WordPress’s security policies</a>. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 4.2.0 also fixes 4 bugs. For complete details, visit the <a href="https://codex.buddypress.org/releases/version-4-2-0/">4.2.0 changelog</a>.

BuddyPress 4.2.0 Maintenance and Security Release

buddypress-logo_fsgjni

mike-johnston company logo

mike-johnston

mike-johnston Profile

BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible. 
 The 4.2.0 release addresses two security issues: 
 
A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private message...