5 matches found
CVE-2022-0384
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog...
CVE-2022-0384
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog...
CVE-2022-0384
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog...
CVE-2022-0384 Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapigetwpusers AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog...
CVE-2022-0384
The CVE-2022-0384 entry applies to the Video Conferencing with Zoom WordPress plugin prior to version 3.8.17. The vulnerability arises from lack of authorization in the vczapi_get_wp_users AJAX action, allowing any authenticated user (e.g., subscribers) to download the blog’s registered email add...