CVE-2022-2376

2022-09-0513:15:08

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-2376

directorist wordpress plugin

security vulnerability

email disclosure

nvd

unauthenticated access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.037 Low

EPSS

Percentile

91.8%

JSON

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users

Affected configurations

Vulners

NVD

Node

radiusthemeclassified_listing_-_classified_ads_\&_business_directoryRange<7.3.1

VendorProductVersionCPE
radiusthemeclassified_listing_\-_classified_ads_\&_business_directory*cpe:2.3:a:radiustheme:classified_listing_\-_classified_ads_\&_business_directory:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
radiustheme	classified_listing_\-_classified_ads_\&_business_directory	*	cpe:2.3:a:radiustheme:classified_listing_\-_classified_ads_\&_business_directory::::::::

CNA Affected

[
  {
    "product": "Directorist – WordPress Business Directory Plugin with Classified Ads Listings",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "7.3.1",
        "status": "affected",
        "version": "7.3.1",
        "versionType": "custom"
      }
    ]
  }
]