Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.10 views

CVE-2022-0345

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...

4.3CVSS6.6AI score0.00423EPSS
Exploits2References1
OSV
OSV
added 2022/02/28 9:15 a.m.3 views

CVE-2022-0345

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...

4.3CVSS5.8AI score0.00423EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/02/28 9:6 a.m.25 views

CVE-2022-0345 Better Notifications for WP < 1.8.7 - Email Address Disclosure

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...

4.9AI score0.00423EPSS
Exploits2References1
CVE
CVE
added 2022/02/28 9:6 a.m.103 views

CVE-2022-0345

The CVE-2022-0345 entry concerns the WordPress plugin Better Notifications for WP (BNFW) versions prior to 1.8.7. A lack of authorization and CSRF protection in the bnfw_search_users AJAX action enables any authenticated user to query user e-mail prefixes, effectively disclosing email prefixes (f...

4.3CVSS4.4AI score0.00423EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder