bbPress Showing Security Risk to WPEngine

  • @soniyabajoria

    Participant

    Security risk: privesc. It could be possible to elevate a user’s privileges to a higher permission level.

    Severity: critical

    Fixed in: 2.6.5

    Security risk: privesc. It could be possible to elevate a user’s privileges to a higher permission level.

    Severity: high

    Fixed in: 2.6.5

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: medium

    Fixed in: 2.6.0

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: medium

    Fixed in: 2.6.5

    Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

    Severity: low

    Fixed in: 2.0

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: low

    Fixed in: 2.5.9

    Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

    Severity: low

    Fixed in: 2.0

    Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Severity: low

    Fixed in: 2.5.10

    Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.

    Severity: low

    Fixed in: 2.5.13

Viewing 2 replies - 1 through 2 (of 2 total)
  • @gdragon

    Participant

    All these are fixed; the current stable version is 2.6.11, and all the risks you listed are for older versions. Update the plugin to the latest stable version.

  • @arnoldmatt

    Participant

    Whew, that’s a lot to catch up on! Thanks for the info, Milan. Updating bbPress now.
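
The comparison behind the first reply, installed version against each "Fixed in" value from the report, as an added example that is not part of the thread and is not bbPress or WP Engine code. It compares version components numerically, because plain string comparison misorders 2.6.11 against 2.6.5 and 2.5.9 against 2.5.10. Assumptions: versions are plain dotted numbers, and the function names are illustrative.

```python
# Advisory rows transcribed from the scan report quoted in the first post:
# (risk, severity, fixed_in)
ADVISORIES = [
    ("privesc", "critical", "2.6.5"),
    ("privesc", "high", "2.6.5"),
    ("xss", "medium", "2.6.0"),
    ("xss", "medium", "2.6.5"),
    ("sqli", "low", "2.0"),
    ("xss", "low", "2.5.9"),
    ("sqli", "low", "2.0"),
    ("xss", "low", "2.5.10"),
    ("sqli", "low", "2.5.13"),
]


def version_key(text, width=4):
    """Turn '2.6.11' into (2, 6, 11, 0) so components compare as integers.

    Padding makes '2.0' and '2.0.0' compare equal.
    """
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def open_findings(installed, advisories=ADVISORIES):
    """Advisories still applicable: the fix landed after the installed version."""
    current = version_key(installed)
    return [a for a in advisories if current < version_key(a[2])]


def naive_open_findings(installed, advisories=ADVISORIES):
    """Same check with string comparison, kept only to show how it goes wrong."""
    return [a for a in advisories if installed < a[2]]


if __name__ == "__main__":
    for installed in ("2.6.11", "2.5.9"):
        correct = open_findings(installed)
        naive = naive_open_findings(installed)
        print(f"bbPress {installed}: {len(correct)} open (numeric), "
              f"{len(naive)} open (string compare)")
        for risk, severity, fixed_in in correct:
            print(f"  {severity:8} {risk:8} fixed in {fixed_in}")
```

For 2.6.11 the string comparison raises three false alarms, and for 2.5.9 it misses the fixes in 2.5.10 and 2.5.13.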
