Vulnerability Details CVE-2020-5244
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.4%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 5.0
References
- https://buddypress.org/2020/01/buddypress-5-1-2/
- https://github.com/buddypress/BuddyPress/commit/39294680369a0c992290577a9d740f4a2f2c2ca3
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-3j78-7m59-r7gv
- https://buddypress.org/2020/01/buddypress-5-1-2/
- https://github.com/buddypress/BuddyPress/commit/39294680369a0c992290577a9d740f4a2f2c2ca3
- https://github.com/buddypress/BuddyPress/security/advisories/GHSA-3j78-7m59-r7gv
Products affected by CVE-2020-5244
-
cpe:2.3:a:buddypress:buddypress:5.0.0
-
cpe:2.3:a:buddypress:buddypress:5.1.0
-
cpe:2.3:a:buddypress:buddypress:5.1.1