In BuddyPress prior to 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
buddypress buddypress |