exploitDog

CVE-2022-2379

Опубликовано: 15 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

Ссылки

https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easy_student_results_project:easy_student_results:*:*:*:*:*:wordpress:*:*

Версия до 2.2.8 (включая)

EPSS

Процентиль: 97%

0.36543

Средний

7.5 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-756m-3q55-x5q6

CVSS3: 7.5

github

больше 3 лет назад

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

EPSS

Процентиль: 97%

0.36543

Средний

7.5 High

CVSS3

Дефекты

CWE-862