WordPress Plugin Vulnerabilities

BuddyPress 5.0.0-5.1.1 - Private Data Exposure via REST API

Description

Certain REST API requests could result in the exposure of private data.

Affects Plugins

Plugin icon
buddypress
Fixed in 5.1.2

References

URL
https://buddypress.org/2020/01/buddypress-5-1-2/
URL
https://github.com/buddypress/BuddyPress/security/advisories/GHSA-3j78-7m59-r7gv

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Petter Walbø Johnsgård and Jacek Suski
Verified
No
WPVDB ID
3cbbcc6e-2b0f-4e77-b5f9-a7c2f2f0efe7

Timeline

Publicly Published
2020-01-03 (about 6 years ago)
Added
2020-03-02 (about 6 years ago)
Last Updated
2021-03-27 (about 5 years ago)

Other

Published
Title
Published
2024-07-09
Title
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer < 3.10.9 - Unauthenticated Full Path Disclosure
Published
2025-11-18
Title
Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more < 1.49.3 - Unauthenticated Information Exposure
Published
2024-07-09
Title
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 <= 1.0.1 - Unauthenticated Information Exposure
Published
2025-12-26
Title
Project Manager < 3.0.2 - Authenticated (Subscriber+) Information Exposure
Published
2024-03-26
Title
VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access