Directorist < 7.3.1 - Unauthenticated Email Address Disclosure
CVE-2022-2376

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Directorist – WordPress Business Directory Plugin With Classified Ads Listings
Vendor: CVE Published:; 5 September 2022

What is CVE-2022-2376?

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users

Affected Version(s)

Directorist – WordPress Business Directory Plugin with Classified Ads Listings 7.3.1

References

https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-...

x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2022
Vulnerability Reserved
Jul 11, 2022

Credit

Krzysztof Zając

Wordpress

What is CVE-2022-2376?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit