WordPress Plugin Vulnerabilities

Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure

Description

The plugin does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=mycred-tools-select-user

Affects Plugins

mycred

Fixed in version 2.4.3.1

References

CVE

CVE-2022-0287

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

6cd7cd6d-1cc1-472c-809b-b66389f149b0

Timeline

Publicly Published

2022-04-04 (about 6 months ago)

Added

2022-04-04 (about 6 months ago)

Last Updated

2022-04-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin