CVE-2020-5244

Summary

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.

Affected Software

VendorProductVersion RangeStatus
buddypressBuddyPress< 5.1.2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References