Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).
- https://wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon