BuddyPress Group Tags
Security Bug in BP Group Tags 2.0.3 (2 posts)

  1. HansRuedi Keller
    Posted 3 years ago #

    I'm using BP 1.6.4 together with Group Tags 2.0.3 and found the following bug:

    If you have a *hidden* BP Group and that hidden group has a group tag also belonging to a private group a *logged_in* member of the community is able to see that hidden group when he's not member of that hidden group! It's not the case if somebody is not logged in.

    What's the way to see the group? Click on a tag link (group header or widget cloud) or directly alter the URL (/groups/tag/blabla/) and you will get that hidden group in group directory. Click on the group name goes to 404 - but the group is not hidden that moment.

    Workaround: don't use group tags for hidden groups or wait for an update...


  2. Dwenaus
    Plugin Author

    Posted 3 years ago #

    I'll check this out. thanks for posting it.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • BuddyPress Group Tags
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.