Vulnerability Information
Vulnerability Title
Better Notifications for WP < 1.8.7 - Email Address Disclosure
Vulnerability Description
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not perform authorisation or CSRF checks in its bnfw_search_users AJAX action, allowing any authenticated user to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one, etc.).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Information Disclosure Vulnerability
Vulnerability Description
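WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. The WordPress plugin Emails and Alerts has an information disclosure vulnerability. It stems from the Customize WordPress Emails and Alerts plugin before 1.8.7 lacking authorisation and CSRF checks in its bnfw_search_users AJAX action, which allows any authenticated user to call it and query for user e-mail prefixes (finding the first letter, then the second, then the third, and so on).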
CVSS Information
N/A
Vulnerability Type
N/A