Vulnerabilities > CVE-2022-0384 - Unspecified vulnerability in Imdpen Video Conferencing With Zoom
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog