Codex Home → Releases → Version 12.6.0

Version 12.6.0

Version 12.6.0 is a BuddyPress security and maintenance release. It was released on September 24, 2025. Two changes were introduced including 1 security fix and 1 bug fix.

For Version 12.6.0, the database version (_bp_db_version in wp_options) was 13422, and the Trac revision was 14131.

Security fix

The BP REST API signups endpoint could leak signup data, including user email addresses, because of a too-lenient lookup function. Thanks to Asim Alshaya for responsibly reporting this issue.

Bug Fixes

Improve behavior of bp_email_unsubscribe_handler(). After the changes in the “Improve security of status update messages” changeset, non-logged-in users clicking an unsubscribe link received no feedback on the success of their action (see #9301).

BuddyPress Codex

Version 12.6.0

Security fix

Bug Fixes

Contents

Article Contributors

Want to help?