[soniyabajoria]

Security risk: privesc. It could be possible to elevate a user’s privileges to a higher permission level.

Severity: critical

Fixed in: 2.6.5

Security risk: privesc. It could be possible to elevate a user’s privileges to a higher permission level.

Severity: high

Fixed in: 2.6.5

Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

Severity: medium

Fixed in: 2.6.0

Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

Severity: medium

Fixed in: 2.6.5

Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

Severity: low

Fixed in: 2.0

Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

Severity: low

Fixed in: 2.5.9

Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

Severity: low

Fixed in: 2.0

Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

Severity: low

Fixed in: 2.5.10

Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

Severity: low

Fixed in: 2.5.13

[Robin W]

ok, you are doing stuff with combinations of old versions of software – I can only help with current.

Wordpress 6.x dramatically changed how WordPress works, and Twenty Twenty-Two is one of the new FSE themes.

So on WordPress 6.5.5 with Twenty Twenty-Two you will need the fix mentioned above. BBpress 2.6.11 is the current version of bbpress and should also be used.

Regards

Robin

[prashpbt]

Hello Robin,

I am using the default Twenty Twenty-Two Version: 1.2 theme provided by WordPress in version WP 6.0.9, without any customizations.

Does that too need the above fix you mentioned?.

Also I have earlier version of BBpress i.e 2.6.9 working fine with WordPress 5.8 installed on one of a server, which works absolutely fine without any such issues.

Any way to debug the possible cause ?. Cause no errors in apache logs as well.

[Robin W]

I suspect you are using an FSE theme, so you need a fix to work with bbpress.
install

bbp style pack

once activated, navigate to

dashboard>settings>bbp style pack, and you should see the first tab called ‘Theme Support’ – if you don’t see this, come back.

In that tab, select

Enable Theme Support

and save

The forums should then display

[prashpbt]

Hello ,

I was in the process of checking BBpress 2.6.11 . I installed WP 6.0.9 on Centos 7 with Apache 2.2, MYSQL 5.5, PHP 5.6.40. Added BBpress from plugins menu .

However, after creating a forum or post topic , when I try to view the same , the URL that goes to http://{{URL}}/{{TO}}/{{WP}}/forums/forum/{{forum-name}}/ is blank and no content is shown.

Also enabled debugging in wp-config.php i.e define( ‘WP_DEBUG’, true );, however, no error is being thrown.

I checked with the latest 6.5.5 version as well on PHP 7.4, MYSQL 5.7 but this doesn’t work.

What could be causing the issue?. Could you please replicate this at your end?.

[John James Jacoby]

No apology necessary!

I think it’s good to post this here, in case it’s related to the most recent bbPress release.

There was a change related to Roles triggering PHP errors with certain plugins active, so it’s plausible that fix broke something else.

Which plugin were you using to make your new roles?

[neon67]

10х John! bbpress is alive! what’s important 🙂

[Kokiri]

PHP Version 8.2.18
WP Version 6.5.5
Multisite False
Active Members 255
Total Forums 10
Total Topics 30
Total Replies 80
Theme Type Traditional Theme
bbPress Version 2.6.11
Plugin Version 6.0.5
WP Debugging False

[Kokiri]

Hello everyone,

I hope you’re all doing well. I wanted to bring up an issue I’m encountering with our forum roles not displaying correctly for custom roles since making a recent change. Here are the details:

Issue:

Our custom forum roles were displaying correctly a few hours ago (e.g., instead of “Keymaster,” we had “Staff/Admin”). However, after disabling forum topic tags, the custom forum roles are no longer showing up. Instead, the default roles like “Keymaster” are being displayed.

Steps Taken:

Disabled forum topic tags in the settings.
Observed that the custom forum roles stopped displaying and reverted to default roles.

Has anyone else experienced a similar issue or have any suggestions on how to resolve this? Any help would be greatly appreciated!

Thank you in advance!

Best regards,

[Dave Lozier]

2.6.10 made all non bbpress pages 404, including our home page. 2.6.11 fixed this.

[John James Jacoby]

Blog post for 2.6.11 is up!

bbPress 2.6.11 is out!

[John James Jacoby]

If anyone out there needs to quickly do an emergency fix to their live site before updating to 2.6.11, here are the changed lines of code between 2.6.10 and 2.6.11:

https://bbpress.trac.wordpress.org/changeset/7272

I’m not advocating for hacking on weird files on live sites, but I understand everyone’s situations are different, and thought maybe this could be helpful to see.

[John James Jacoby]

Apologies to everyone who was quick to install 2.6.10 and had a scare.

It has been a few years; I’m out of practice and botched it.

I backported the 2.6.11 fix to the 2.6.10 tag, so in the unlikely event anyone still downloads 2.6.10 it will not be broken like it was.

Go get 2.6.11 from: https://wordpress.org/plugins/bbpress 💚

[Robin W]

I have raised a trac ticket for this release which hopefully the authors will look at

https://bbpress.trac.wordpress.org/ticket/3601

[Robin W]

these 13 tickets are in 2.6.10 I believe

https://bbpress.trac.wordpress.org/milestone/2.6.10

[Robin W]

these 13 tickets are in 2.6.10

https://bbpress.trac.wordpress.org/milestone/2.6.10

[PAbernathy]

The only thing I have in addition to bbpress is LearnPress Plugin that integrates with bbpress.

[PAbernathy]

I resolved mine by rolling back to a previous edition of bbpress. Clearly the bbpress update has issues and indeed caused 404 havoc on my website as well.

[PAbernathy]

I had the same issue….I freaking panicked. I had my host restore to yesterday’s backup. The bbpress update did the exact thing to my site…404 on Everything.

[devsg9]

Hi,
Blog page, Buddypress and bbpress pages working normal.
404 error coming on Elementor pages for non logged in users of the site.
Logged in users however are able to access all the pages.

I see, some issue with the login system with this bbpress update.

Please help.

[he110]

Hi Eusebiu,
I downgraded bbPress and all resumed.
Thank you.

[Eusebiu Oprinoiu]

You can get older versions from the Advanced page on WordPress.org.
You can find a dropdown with previous versions at the bottom of this page.

https://wordpress.org/plugins/bbpress/advanced/

Once you download the version you want, upload the ZIP archive under Plugins > Add New.
You will be asked to overwrite the existing plugin. Click Yes, and you are back to normal.

[Eusebiu Oprinoiu]

I just did a test with the LearnDash integration addon disabled, and it made no difference.
The issue is caused by bbPress.

[Eusebiu Oprinoiu]

I’m not using any other addon for bbPress, but I do have LearnDash and their bbPress integration addon.

bbPress Integration

[OSCOWP]

robin, do you know whats new in the bbpress 2.6.10 update?

There is no changelog…