Vulnerabilities

CVE-2022-0345

by Fred · 28/02/2022

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).

Date published : 2022-02-28

https://wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19

Similar

Tags: Cybersecurity Alert