In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-02-24T17:25:15

Updated: 2024-08-04T08:22:09.059Z

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5244

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-02-24T18:15:22.400

Modified: 2020-02-25T21:34:35.270

Link: CVE-2020-5244

cve-icon Redhat

No data.