BbPress 2.5.4 update
A few hours ago a new bbPress 2.5.4 update was published that solves several bugs , including a security problem, so it is advisable to update as soon as possible .
According to official sources, those responsible for the bbPress project have been notified by security researcher Mazen Gamal Mesbah of a serious vulnerability when displaying the username. This researcher has already discovered several bugs in services as popular as Yahoo, Mailchimp, Sony or Automattic.
Vulnerability analysis fixed by bbPress 2.5.4 update
In the bug track of bbPress they explain in detail how this bug is produced. When a user’s profile is accessed or edited, some data is not sanitized correctly to be displayed.
According to the developers of bbPress, it is not a critical bug but important enough to launch a new update. At first it was thought that WordPress filters themselves were responsible for sanitizing user names correctly but it turned out not to be so, since this is only done when it is an administrator user.
To solve the problem, two functions have been modified in bbPress:
In short, if you have a WordPress blog with a bbPress forum you should update as soon as possible because the 2.5.4 update of bbPress solves a very serious security vulnerability.