4.3
CVE-2022-0384
- EPSS 0.99%
- Veröffentlicht 07.03.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 06:38:30
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginVideo Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure
Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog
Mögliche Gegenmaßnahme
Video Conferencing with Zoom: Update to version 3.8.17, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imdpen ≫ Video Conferencing With Zoom SwPlatformwordpress Version < 3.8.17
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Video Conferencing with Zoom
Version
[*, 3.8.17)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.579 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://plugins.trac.wordpress.org/changeset/2671219
https://wpscan.com/vulnerability/91c44c45-994b-4aed-b9f9-7db45924eeb4
https://www.wordfence.com/threat-intel/vulnerabilities/id/a528a2b5-55e5-46e4-8f04-0d2b49f2f683