Improper Privilege Management
An unauthenticated privilege-escalation issue exists in the bbPress plugin for WordPress when New User Registration is enabled.
The bbPress plugin for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
bbPress is vulnerable to XSS through the /bb-login.php URL via the re parameter.