WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure

Description

The plugin does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=mycred-tools-select-user

Affects Plugins

mycred
Fixed in version 2.4.3.1

References

CVE
CVE-2022-0287

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
6cd7cd6d-1cc1-472c-809b-b66389f149b0

Timeline

Publicly Published

2022-04-04 (about 10 months ago)

Added

2022-04-04 (about 10 months ago)

Last Updated

2022-04-09 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin