Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2022-0287

Disclosure Date: April 25, 2022 (last updated February 23, 2025)
The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0