Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2022-1092

Disclosure Date: April 25, 2022 (last updated February 23, 2025)
The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0