The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-15458 | The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 17 Oct 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpexperts
Wpexperts mycred |
|
CPEs | cpe:2.3:a:wpexperts:mycred:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Mycred
Mycred mycred |
Wpexperts
Wpexperts mycred |

Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-02T23:25:40.098Z
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-0287

No data.

Status : Modified
Published: 2022-04-25T16:16:07.523
Modified: 2025-10-17T16:52:50.380
Link: CVE-2022-0287

No data.

No data.