exploitDog

CVE-2022-2373

Опубликовано: 29 авг. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Ссылки

https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:*

Версия до 1.5.7.7 (исключая)

EPSS

Процентиль: 92%

0.08392

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-v22h-7mrq-rcj9

CVSS3: 5.3

github

больше 3 лет назад

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

EPSS

Процентиль: 92%

0.08392

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862