Lucene search

[email protected]NVD:CVE-2022-2373

HistoryAug 29, 2022 - 6:15 p.m.

CVE-2022-2373

2022-08-2918:15:09

CWE-862

[email protected]

web.nvd.nist.gov

simply schedule appointments

wordpress plugin

cve-2022-2373

authorisation vulnerability

rest endpoint

unauthenticated users

user details

name

email address

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Affected configurations

NVD

Node

nsquasimply_schedule_appointmentsRange<1.5.7.7wordpress

References

wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for NVD:CVE-2022-2373

wpexploit1 patchstack1 nuclei1 cve1 cvelist1 wpvulndb1 prion1