CVE-2022-2373

Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure

EPSS 1.4%CWE-862

Vexday Risk Score

18Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

29 ago 2022Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Productos afectados

Unknown · Simply Schedule Appointments – WordPress Booking Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31