CVE-2022-0287

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
References
Configurations

Configuration 1

cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-04-25 04:16

Updated : 2022-05-03 07:07


NVD link : CVE-2022-0287

Mitre link : CVE-2022-0287

Products Affected
No products.
CWE