CVE-2022-2376
published 2022-09-05

Priority: P2 · 77 · medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Flags: ITW · Exploit · VulnCheck KEV (exploited in the wild)
EPSS: 1.35% (68.1th percentile)
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users

Affected (1 range)

Vendor   Product      Version range   Fixed in
wpwax    directorist  < 7.3.1         7.3.1

Detection & IOCs (extracted from sources)

url:   /wp-admin/admin-ajax.php?action=directorist_author_pagination
other: directorist_author_pagination
  • HTTP GET request to /wp-admin/admin-ajax.php with action=directorist_author_pagination — no authentication required. A 200 response with a body containing both 'directorist-authors__card__details__top' and 'directorist-authors__card__info-list' and Content-Type: text/html confirms the vulnerability is exploitable.
  • Response body match: look for both HTML class strings 'directorist-authors__card__details__top' AND 'directorist-authors__card__info-list' simultaneously in the response body to confirm email address disclosure.
  • The vulnerability is only present in Directorist plugin versions before 7.3.1. Ensure the installed version is below 7.3.1 before treating a positive match as exploitable.

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     5.3    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck           5.3    MEDIUM