WordPress Guest Support Plugin User Email Disclosure Vulnerability
Vulnerability
The Guest Support plugin for WordPress, in versions through 1.2.3, contains a vulnerability that discloses user email addresses to unauthenticated requesters. The issue arises from a public AJAX endpoint that permits anyone to search for and retrieve user email addresses without authentication or capability checks. Unauthenticated attackers can use it to enumerate user accounts and extract email addresses via the 'guest_support_handler=ajax' endpoint with the 'request=get_users' parameter.
Impact
Exploitation of this vulnerability leads to the unauthorized disclosure of user email addresses.
Reproduction
To reproduce this vulnerability, send a POST request to the 'guest_support_handler=ajax' endpoint with the 'request=get_users' parameter. This can be done without any authentication or user capabilities, allowing for the enumeration of user accounts and extraction of email addresses.
Remediation
Users are advised to update the Guest Support plugin to version 1.3.0 or a newer patched version.
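To check whether a site was queried through this endpoint before it was updated, the web server access log can be searched for requests carrying 'guest_support_handler=ajax'. The script below is an added example, not code from the advisory or the plugin; it assumes Apache/nginx "combined" log format and that the handler parameter appears in the URL query string, and its function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "POST /?guest_support_handler=ajax HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2025:10:01:03 +0000] "POST /?guest_support_handler=ajax&request=get_users HTTP/1.1" 200 498 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2025:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2025:10:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2025:10:01:04 +0000] "POST /?guest_support_handler=ajax HTTP/1.1" 200 530 "-" "curl/8.0"
"""

# client IP, request target and status code from one combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_handler_hits(log_text):
    """Return (ip, status, explicit) for each request to the plugin handler.

    explicit is True when request=get_users is visible in the query string.
    POST bodies are not written to access logs, so the remaining hits are
    candidates that need correlation with other evidence.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        query = parse_qs(urlsplit(m["target"]).query)
        if "ajax" not in query.get("guest_support_handler", []):
            continue
        explicit = "get_users" in query.get("request", [])
        hits.append((m["ip"], int(m["status"]), explicit))
    return hits

def summarize(hits):
    """Count successful (2xx) handler requests per client IP."""
    return Counter(ip for ip, status, _ in hits if 200 <= status < 300)

if __name__ == "__main__":
    hits = find_handler_hits(SAMPLE_LOG)
    for ip, count in summarize(hits).most_common():
        explicit = sum(1 for h in hits if h[0] == ip and h[2])
        print(f"{ip}: {count} handler requests, {explicit} with request=get_users in URL")
```

A client IP with many successful handler requests in a short window is consistent with the account enumeration described above and is worth reviewing against the site's user list.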
