The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a member to read private messages in a thread they were not invited to, using the BuddyPress REST API buddypress/v1/messages endpoint.
2021-03-17 (about 1 years ago)
2021-03-17 (about 1 years ago)
2021-03-19 (about 1 years ago)