Impact
Requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed.
Patches
This has been patched in version 5.1.2. It's strongly encouraged to update to the latest version.
References
https://buddypress.org/2020/01/buddypress-5-1-2/
For more information
Any security reports in BuddyPress can be submitted via HackerOne.