CVE-2022-2376
MEDIUM EXPLOITED NUCLEIDirectorist WP <7.3.1 - Info Disclosure
Title source: llmExploitation Summary
CVE-2022-2376 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Nuclei Templates (1)
WordPress Directorist <7.3.1 - Information Disclosure
MEDIUMby Random-Robbie
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
Scores
CVSS v3
5.3
EPSS
0.0135
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
VulnCheck KEV
2024-01-22
CWE
CWE-862
Status
published
Products (1)
wpwax/directorist
< 7.3.1
Published
Sep 05, 2022
Tracked Since
Feb 18, 2026