CVE-2022-2373

State: PUBLISHED · Published: 2022-08-29 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

CWE

CWE-862 — CWE-862 Missing Authorization

Affected

Unknown / Simply Schedule Appointments – WordPress Booking Plugin — v=1.5.7.7 <1.5.7.7 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31 x_refsource_MISC

Source

cvelistV5-main/cves/2022/2xxx/CVE-2022-2373.json