CVE-2022-2379

HIGH NUCLEI

Easy Student Results <2.2.8 - Info Disclosure

Title source: llm

Description

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

Nuclei Templates (1)

WordPress Easy Student Results <=2.2.8 - Improper Authorization

HIGHVERIFIEDby theamanrawat

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6

Scores

CVSS v3 7.5

EPSS 0.3654

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-862

Status published

Products (1)

easy_student_results_project/easy_student_results < 2.2.8

Published Aug 15, 2022

Tracked Since Feb 18, 2026