cleantalk
Vulnerabilities and Security Researches

Co-Authors Plus, 034cb5664dd2496536a4b1eb1b6eccfe0dfdee1d

CVE, Research URL

034cb5664dd2496536a4b1eb1b6eccfe0dfdee1d

Home page URL

Security reports for Co-Authors Plus

Application

Co-Authors Plus

Published on
Jun 07, 2022
Research Description
Co-Authors Plus [co-authors-plus] < 3.5.2 Co-Authors Plus 3.5 - 3.5.1 - Sensitive Information Disclosure The Co-Authors Plus plugin for WordPress is vulnerable to sensitive information disclosure via the /wp/v2/coauthors REST API input in versions 3.5 and 3.5.1. This is due to insufficient capability checking that allows unauthorized users to access the endpoint and retrieve guest authors email addresses.
Affected versions
max 3.5.2.
Status
vulnerable
Previous vulnerability researches
Co-Authors Plus (47bfeeb995af1fdc9960e569f888ae33e88cf9bf) , Jun 07, 2024
Co-Authors Plus (034cb5664dd2496536a4b1eb1b6eccfe0dfdee1d) , Jun 16, 2026
Co-Authors Plus (3b59fa89-76f2-42de-b8dc-b20029b03ca2) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026