Vulnerabilities > CVE-2022-0345 - Missing Authorization vulnerability in Madewithfuel Customize Wordpress Emails and Alerts
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |