Vulnerabilities and security researches forco-authors-plus co-authors-plus

Jun 07, 2024

CVE, Research URL: 47bfeeb995af1fdc9960e569f888ae33e88cf9bf
Home page URL: Security reports for Co-Authors Plus
Application: Co-Authors Plus
Date: Jun 02, 2022
Research Description: Co-Authors Plus [co-authors-plus] < 3.5.2 WordPress Co-Authors Plus plugin <= 3.5.1 - Guest Authors Email Address Disclosure vulnerability Guest Authors Email Address Disclosure vulnerability discovered by Douglas Johnson in WordPress Co-Authors Plus plugin (versions <= 3.5.1). Update the WordPress Co-Authors Plus plugin to the latest available version (at least 3.5.2).
Affected versions: Min 3.5, max 3.5.2.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 034cb5664dd2496536a4b1eb1b6eccfe0dfdee1d
Home page URL: Security reports for Co-Authors Plus
Application: Co-Authors Plus
Date: Jun 07, 2022
Research Description: Co-Authors Plus [co-authors-plus] < 3.5.2 Co-Authors Plus 3.5 - 3.5.1 - Sensitive Information Disclosure The Co-Authors Plus plugin for WordPress is vulnerable to sensitive information disclosure via the /wp/v2/coauthors REST API input in versions 3.5 and 3.5.1. This is due to insufficient capability checking that allows unauthorized users to access the endpoint and retrieve guest authors email addresses.
Affected versions: max 3.5.2.
Status: vulnerable

CVE, Research URL: 3b59fa89-76f2-42de-b8dc-b20029b03ca2
Home page URL: Security reports for Co-Authors Plus
Application: Co-Authors Plus
Date: -
Research Description: Co-Authors Plus [co-authors-plus] >= 3.5 - <= 3.5.1 Co-Authors-Plus 3.5/3.5.1 - Guest Authors Email Address Disclosure The plugin introduced an information disclosure vulnerability (specifically, the e-mails of guest authors) via a public REST endpoint accessible without any authentication
Affected versions: Min 3.5, max 3.5.1.
Status: vulnerable