The plugin does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog
Open the following URL as a subscriber: https://example.com/wp-admin/admin-ajax.php?action=vczapi_get_wp_users
CPE | Name | Operator | Version |
---|---|---|---|
video-conferencing-with-zoom-api | lt | 3.8.17 |