CVE-2022-2376

MEDIUM EXPLOITED NUCLEI

Directorist WP <7.3.1 - Info Disclosure

Title source: llm

Description

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users

Nuclei Templates (1)

WordPress Directorist <7.3.1 - Information Disclosure

MEDIUMby Random-Robbie

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad

Scores

CVSS v3 5.3

EPSS 0.1049

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2024-01-22

CWE

CWE-862

Status published

Products (1)

wpwax/directorist < 7.3.1

Published Sep 05, 2022

Tracked Since Feb 18, 2026