4 matches found
CVE-2022-0345
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...
CVE-2022-0345
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...
CVE-2022-0345 Better Notifications for WP < 1.8.7 - Email Address Disclosure
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...
CVE-2022-0345
The CVE-2022-0345 entry concerns the WordPress plugin Better Notifications for WP (BNFW) versions prior to 1.8.7. A lack of authorization and CSRF protection in the bnfw_search_users AJAX action enables any authenticated user to query user e-mail prefixes, effectively disclosing email prefixes (f...