BuddyPress users beware! A security vulnerability has been discovered in the news section of BuddyPress and all users are prompted to update to the newly released 2.3.3 as soon as possible.
The security problem is an error in the function that allows users to send and receive private messages. Users were able to manipulate any failed outgoing messages and to integrate unexpected output to the browser. While troubleshooting, the BuddyPress development team became aware of other vulnerabilities in the same area but all issues have been fixed in the 2.3.3 release.
To keep your site in tip top condition, make sure you update BuddyPress right away and, while you’re there, you might as well check the rest of the your software and plugins are fully up to date as well!