The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Advisories
Source ID Title
EUVD EUVD EUVD-2022-24435 The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 17 Oct 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Wpexperts
Wpexperts mycred
CPEs cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:* cpe:2.3:a:wpexperts:mycred:*:*:*:*:*:wordpress:*:*
Vendors & Products Mycred
Mycred mycred
Wpexperts
Wpexperts mycred

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-02T23:55:22.825Z

Reserved: 2022-03-25T00:00:00

Link: CVE-2022-1092

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-25T16:16:08.310

Modified: 2025-10-17T16:52:50.380

Link: CVE-2022-1092

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.