The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog
CPE | Name | Operator | Version |
---|---|---|---|
video_conferencing_with_zoom | lt | 3.8.17 |