CVE-2022-1186
The WordPress plugin Be POPIA Compliant (vulnerable up to 1.1.5) exposes site visitors’ emails and usernames to unauthenticated users via an API route. Root cause cited in multiple sources is insufficient access controls on the API route (no restrictions on sensitive data exposure). No exploit de...