Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
CVE-2022-2379

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Easy Student Results
Vendor: CVE Published:; 15 August 2022

Summary

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

Affected Version(s)

Easy Student Results 2.2.8

References

https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-...

x_refsource_MISC

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2022
Vulnerability Reserved
Jul 11, 2022

Credit

Raad Haddad