← Zuruck zu CVEs
CVE-2022-2379
HIGH7.5
Beschreibung
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/15/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
easy_student_results_project:easy_student_results
Schwachen (CWE)
CWE-862
Referenzen
https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6(contact@wpscan.com)
https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.