← back
CVE-2022-2376

Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

EPSS 1.4%CWE-862
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 1.4%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
05 Sep 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Affected products
Unknown · Directorist – WordPress Business Directory Plugin with Classified Ads Listings

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad