Lucene search

[email protected]NVD:CVE-2022-2373

HistoryAug 29, 2022 - 6:15 p.m.

CVE-2022-2373

2022-08-2918:15:09

CWE-862

[email protected]

web.nvd.nist.gov

simply schedule appointments

wordpress plugin

cve-2022-2373

authorisation vulnerability

rest endpoint

unauthenticated users

user details

name

email address

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

69.3%

JSON

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Affected configurations

Nvd

Node

nsquasimply_schedule_appointmentsRange<1.5.7.7wordpress

VendorProductVersionCPE
nsquasimply_schedule_appointments*cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
nsqua	simply_schedule_appointments	*	cpe:2.3:a:nsqua:simply_schedule_appointments::::::wordpress::*

References

wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

69.3%

JSON

Related for NVD:CVE-2022-2373

nuclei1 patchstack1 wpexploit1 cvelist1 cve1 prion1 wpvulndb1