BuddyPress 2.3.2 is an Urgent Security Update
The much-anticipated new version of BuddyPress (v2.3) ushered in more than just some slick new features. A couple of serious vulnerabilities went undetected during the development process and survived long enough to be released with the finished product. These vulnerabilities created loopholes in the BuddyPress private messaging system that essentially made it possible for any logged-out user to view the subject lines of network members’ private messages by manipulating an AJAX request.
Simple Fix Available
Fortunately, the solution to this security issue is quite simple: update to the latest version of BuddyPress (v2.3.2). Unfortunately, it doesn’t seem like everyone has gotten the memo. If you administer an online community that’s powered by BuddyPress, please don’t ignore the pending update indicator. Update to the latest version as soon as possible to ensure your community members’ privacy remains intact.