WordPress Plugin Vulnerabilities

Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure

Description

The plugin does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=mycred-tools-select-user

Affects Plugins

Plugin icon
mycred
Fixed in 2.4.4.1

References

CVE
CVE-2022-0287

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
6cd7cd6d-1cc1-472c-809b-b66389f149b0

Timeline

Publicly Published
2022-04-04 (about 2 years ago)
Added
2022-04-04 (about 2 years ago)
Last Updated
2023-07-24 (about 9 months ago)

Other

Published
Title
Published
2022-01-24
Title
Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation
Published
2024-04-22
Title
VK Block Patterns < 1.31.1.1 - Missing Authorization
Published
2023-03-10
Title
RapidLoad Power-Up for Autoptimize < 1.7.2 - Multiple Subscriber+ Unauthorised AJAX Calls
Published
2024-04-15
Title
Open Close WooCommerce Store < 4.9.2 - Missing Authorization
Published
2024-04-24
Title
Popup Box – Best WordPress Popup Plugin < 4.3.7 - Missing Authorization to Information Exposure