Medium severity4.3NVD Advisory· Published Feb 28, 2022· Updated Jun 17, 2026
CVE-2022-0345
CVE-2022-0345
Description
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Customize WordPress Emails and Alertsdescription
- Range: <1.8.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/b3b523b9-6c92-4091-837a-d34e3174eb19nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.