Description
The API exposes sensitive information (Personally Identifiable Information (PII)) due to a vulnerability in the authorization process. An unauthenticated attacker can gain access to the personal data.
Remediation
Implement a robust authorization mechanism
References
Related Vulnerabilities
ZK Framework AuUploader Information Disclosure (CVE-2022-36537)
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
KeyCloak Information Disclosure (CVE-2020-27838)
WordPress Plugin WooCommerce Information Disclosure (4.5.2)
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)