CVE-2022-2373
MEDIUM NUCLEISimply Schedule Appointments WP <1.5.7.7 - Info Disclosure
Title source: llmExploitation Summary
CVE-2022-2373 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address
Nuclei Templates (1)
WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
MEDIUMVERIFIEDby theamanrawat,theabhinavgaur
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31
Scores
CVSS v3
5.3
EPSS
0.0137
EPSS Percentile
68.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
nsqua/simply_schedule_appointments
< 1.5.7.7
Published
Aug 29, 2022
Tracked Since
Feb 18, 2026