The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Advisories
Source ID Title
EUVD EUVD EUVD-2022-15458 The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 17 Oct 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Wpexperts
Wpexperts mycred
CPEs cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:* cpe:2.3:a:wpexperts:mycred:*:*:*:*:*:wordpress:*:*
Vendors & Products Mycred
Mycred mycred
Wpexperts
Wpexperts mycred

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-02T23:25:40.098Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-0287

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-25T16:16:07.523

Modified: 2025-10-17T16:52:50.380

Link: CVE-2022-0287

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.