Security Advisory
CVE-2020-5244
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.