Lucene search
HistorySep 05, 2022 - 1:15 p.m.
CVE-2022-2376
directorist
wordpress
ajax
email addresses
security disclosure
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.037 Low
EPSS
Percentile
91.8%
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Affected configurations
Node
wpwaxdirectoristRange<7.3.1wordpress
Related
cve
cve
CVE-2022-2376
2022-09-05 13:15:08
patchstack
patchstack
wpvulndb
wpvulndb
Directorist < 7.3.1 - Unauthenticated Email Address Disclosure
2022-08-10 00:00:00
cvelist
cvelist
CVE-2022-2376 Directorist < 7.3.1 - Unauthenticated Email Address Disclosure
2022-09-05 12:35:19
wpexploit
wpexploit
Directorist < 7.3.1 - Unauthenticated Email Address Disclosure
2022-08-10 00:00:00
prion
prion
Code injection
2022-09-05 13:15:00
nuclei
nuclei
WordPress Directorist <7.3.1 - Information Disclosure
2022-09-06 08:57:31
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.037 Low
EPSS
Percentile
91.8%
Related for NVD:CVE-2022-2376