daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-2373.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-07 11:51:10 -04:00
parent 9ab3f220ad
commit 63427283e5
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-2373.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-2373
info:
name: Simply Schedule Appointments < 1.5.7.7 - Email Address Disclosure
name: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
author: theamanrawat,theabhinavgaur
severity: medium
description: |
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address.
WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.
reference:
- https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31
- https://wordpress.org/plugins/simply-schedule-appointments/
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/04/07