Private data exposure via REST API in BuddyPress

CVE-2020-5244

What is CVE-2020-5244?

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.

References