WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. an information disclosure vulnerability exists in versions of the WordPress plugin myCred prior to 2.4.3.1, which stems from the plugin not having any authorization in its mycred-tools-select-user AJAX operation. An attacker could exploit this vulnerability to allow any authenticated user (such as a subscriber) to call and retrieve all email addresses in a blog.