CVE-2022-2373
Published 2022-08-29
Priority: P3 | 37 | medium | 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.42% (69.6th percentile)
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress user details such as name and email address.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nsqua | simply_schedule_appointments | < 1.5.7.7 | 1.5.7.7 |
No detection rules found.
Nuclei
CVE-2022-2373 [MEDIUM] WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.
Template:

```yaml
id: CVE-2022-2373
info:
  name: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
  author: theamanrawat,theabhinavgaur
  severity: medium
  description: |
    WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.
  impact: |
    An attacker can exploit this vulnerability t
```