BuddyPress logo

BuddyPress

Plugin Vulnerabilities

2020-01-03 BuddyPress 5.0.0 - 5.1.1 - Private Data Exposure via REST API fixed in version 5.1.2
2019-12-23 BuddyPress < 5.1.1 - Denial of Service fixed in version 5.1.1
2016-12-23 BuddyPress 2.0-2.7.3 - Arbitrary File Deletion fixed in version 2.7.4
2015-11-11 BuddyPress <= 2.3.4 - Authenticated Privilege Escalation fixed in version 2.3.5
2014-08-01 Buddypress <= 1.9.1 - Crafted bp_new_group_id Cookie Arbitrary Group Man... fixed in version 1.9.2
2014-08-01 Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS) fixed in version 1.9.2
2014-08-01 BuddyPress 1.7.1 - Multiple SQL Injections fixed in version 1.7.2
2014-08-01 BuddyPress 1.2.9 - SQL Injection fixed in version 1.2.10
2012-03-31 Buddypress <= 1.5.4 - SQL Injection fixed in version 1.5.5

Is this your plugin?

We offer WordPress plugin security testing to help identify security vulnerabilities within your plugin. Please note that this is a paid service. If you are interested in talking about having your plugin tested by WordPress security experts, get in touch.