Lucene search
+L

21 matches found

Nuclei
Nuclei
added 8 hours ago29 views

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

7.5CVSS7.1AI score0.02801EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-34645

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0051EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.5 views

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.0051EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/08/15 11:21 a.m.2 views

CVE-2022-2379

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...

7.5CVSS5.9AI score0.02801EPSS
Exploits2References3
NVD
NVD
added 2022/08/15 11:21 a.m.26 views

CVE-2022-2379

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...

7.5CVSS0.02801EPSS
Exploits2References1
NVD
NVD
added 2022/08/15 11:21 a.m.12 views

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.0051EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/08/15 11:21 a.m.2 views

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.9AI score0.0051EPSS
Exploits2References2
OSV
OSV
added 2022/08/15 11:21 a.m.2 views

CVE-2022-2378

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.0051EPSS
Exploits2References1
Prion
Prion
added 2022/08/15 11:21 a.m.9 views

Cross site scripting

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

5.8CVSS6.1AI score0.0051EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/08/15 8:37 a.m.39 views

CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...

7.5AI score0.02801EPSS
Exploits2References1
CVE
CVE
added 2022/08/15 8:37 a.m.2188 views

CVE-2022-2379

CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...

7.5CVSS7.3AI score0.02801EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/08/15 8:37 a.m.61 views

CVE-2022-2378

The CVE-2022-2378 entry concerns the Easy Student Results WordPress plugin (versions 2.2.8 and earlier). The root cause, as documented across sources, is that user-supplied parameters are not properly sanitised or escaped before being echoed back in the page, resulting in a Reflected Cross-Site S...

6.1CVSS6AI score0.0051EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/08/15 8:37 a.m.16 views

CVE-2022-2378 Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.0051EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.3 views

WordPress plugin Easy Student Results 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.8AI score0.0051EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/08/15 12:0 a.m.5 views

PT-2022-16264 · WordPress · Easy Student Results

Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive...

7.5CVSS7.2AI score0.02801EPSS
Exploits2References4
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.7 views

WordPress plugin Easy Student Results 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.5CVSS6.9AI score0.02801EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/08/15 12:0 a.m.3 views

PT-2022-16263 · WordPress · Easy Student Results

Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...

6.1CVSS5.9AI score0.0051EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.12 views

Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc PoC When the "Enable API for Mobile Apps" settings...

7.5CVSS0.3AI score0.02801EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.128 views

Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=rpsresultbatch&edit=%3Cscript%3Ealert/XSS/%3C/script%3E...

6.1CVSS1AI score0.0051EPSS
Exploits2
wpexploit
wpexploit
added 2022/07/19 12:0 a.m.151 views

Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc When the "Enable API for Mobile Apps" settings...

7.5CVSS1.7AI score0.02801EPSS
Exploits2
Rows per page
Query Builder