CVE-2022-0384

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/03/2022
Last modified:
02/08/2023

Description

The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:imdpen:video_conferencing_with_zoom:*:*:*:*:*:wordpress:*:* 3.8.17 (excluding)