CVE-2022-2376
published 2022-09-05CVE-2022-2376: The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any…
PriorityP277medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.35%
68.1th percentile
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpwax | directorist | < 7.3.1 | 7.3.1 |
Detection & IOCsextracted from sources · hover to see the quote
url/wp-admin/admin-ajax.php?action=directorist_author_pagination
otherdirectorist_author_pagination
- →HTTP GET request to /wp-admin/admin-ajax.php with action=directorist_author_pagination — no authentication required. A 200 response with body containing both 'directorist-authors__card__details__top' and 'directorist-authors__card__info-list' and Content-Type: text/html confirms the vulnerability is exploitable.
- →Response body match: look for both HTML class strings 'directorist-authors__card__details__top' AND 'directorist-authors__card__info-list' simultaneously in the response body to confirm email address disclosure.
- ·Vulnerability is only present in Directorist plugin versions before 7.3.1. Ensure the installed version is below 7.3.1 before treating a positive match as exploitable. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jcp9-w92m-j67j: The Directorist WordPress plugin before 7
ghsa_unreviewed·2022-09-06
CVE-2022-2376 [MEDIUM] CWE-862 GHSA-jcp9-w92m-j67j: The Directorist WordPress plugin before 7
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
VulnCheck
wpwax directorist Missing Authorization
vulncheck·2022·CVSS 5.3
CVE-2022-2376 [MEDIUM] wpwax directorist Missing Authorization
wpwax directorist Missing Authorization
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Affected: wpwax directorist
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2022-2376; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-24&host_type=src&vulnerability=cve-2022-2376; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-27&host_type=src&vulnerability
No detection rules found.
Nuclei
WordPress Directorist <7.3.1 - Information Disclosure
nuclei·CVSS 5.3
CVE-2022-2376 [MEDIUM] WordPress Directorist <7.3.1 - Information Disclosure
WordPress Directorist <7.3.1 - Information Disclosure
WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
Template:
id: CVE-2022-2376
info:
name: WordPress Directorist <7.3.1 - Information Disclosure
author: Random-Robbie
severity: medium
description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
impact: |
An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks.
remediation: Fixed in version 7.3.1.
refere
No writeups or analysis indexed.
2022-09-05
Published
Exploited in the wild