CVE-2024-2931 – WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure

https://notcve.org/view.php?id=CVE-2024-2931

01 Apr 2024 — The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site. El complemento WPFront User Role Editor para WordPress es vulnerable a la exposición de información confiden... • https://inky-knuckle-2c2.notion.site/WPFront-User-Role-Editor-Information-disclosure-7435b8340a004f5f8485cad375326b2c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •