CMS Critic Logo
  • Articles
  • Products
  • Critics
  • Programs
Login Person Icon

BuddyPress 4.2.0 Maintenance and Security Release

Home
Articles
Products
Likes

BuddyPress 4.2.0 Maintenance and Security Release

mike-johnston Profile
Mike Johnston
1 min

BuddyPress 4.2.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.

The 4.2.0 release addresses two security issues:

  • A cross-site scripting (XSS) vulnerability was fixed that could allow users to send malicious code in the content of private messages. Discovered and reported independently by Kieran Munday and Tim Coen.
  • A privilege escalation vulnerability was fixed that could allow users to reply to unauthorized private message threads. Discovered by Kieran Munday.

These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.

BuddyPress 4.2.0 also fixes 4 bugs. For complete details, visit the 4.2.0 changelog.

CMS
Wordpress
buddypress
CMS Critic Logo
  • Programs
  • Critics
  • About
  • Contact Us
  • Privacy
  • Disclaimer

©2025 CMS Critic. All rights reserved.