Lucene search
WPScanCVELIST:CVE-2022-0345HistoryFeb 28, 2022 - 9:06 a.m.
CVE-2022-0345 Better Notifications for WP < 1.8.7 - Email Address Disclosure
2022-02-2809:06:47
WPScan
www.cve.org
3
cve-2022-0345
better notifications for wp
email address disclosure
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).
CNA Affected
[
{
"vendor": "Unknown",
"product": "Customize WordPress Emails and Alerts",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.8.7"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00
patchstack
patchstack
wpexploit
wpexploit
Better Notifications for WP < 1.8.7 - Email Address Disclosure
2022-01-31 00:00:00
cve
cve
CVE-2022-0345
2022-02-28 09:15:08
cnvd
cnvd
WordPress Emails and Alerts plugin cross-site request forgery vulnerability
2022-03-02 00:00:00
wpvulndb
wpvulndb
Better Notifications for WP < 1.8.7 - Email Address Disclosure
2022-01-31 00:00:00
nvd
nvd
CVE-2022-0345
2022-02-28 09:15:08