Version 7.3.0
Version 7.3.0 is a BuddyPress security release. It was released on April 14, 2021. 4 vulnerabilities and a bug were fixed.
For version 7.3.0, the database version (bp_db_version in wp_options) was 12385, and the Trac revision was 12884.
Fixes
- A vulnerability was fixed that could allow a member to create a group on behalf of another member via a REST API endpoint.
- A vulnerability was fixed that could allow members to favorite any private/hidden activities they shouldn’t access to via a REST API endpoint.
- A vulnerability was fixed that could allow the creator of a group to still be able to update or delete it after being demoted as a regular member of it via a REST API endpoint.
- A vulnerability was fixed that could allow group’s banned members to remove themselves from the group and still be able to join it or request a membership to it via a REST API endpoint.
- Only load the BuddyPress WP CLI scaffold command if available globally (#8456).
