3 matches found
CVE-2022-0287
The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog...
CVE-2022-0287
The CVE-2022-0287 issue affects the MyCred WordPress plugin prior to 2.4.4.1, where the mycred-tools-select-user AJAX action lacks authorization, allowing any authenticated user (e.g., a subscriber) to call the action and retrieve all email addresses from the blog. The root cause is absence of pr...
CVE-2022-0287 Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure
The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog...