CVE-2022-0384

Summary

The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog

Affected Software

VendorProductVersion RangeStatus
UnknownVideo Conferencing with Zoom3.8.17 < 3.8.17affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References