CVE-2022-2377

State: PUBLISHED · Published: 2022-08-22 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog

CWE

CWE-862 — CWE-862 Missing Authorization
CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Unknown / Directorist – WordPress Business Directory Plugin with Classified Ads Listings — v=7.3.0 <7.3.0 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/f4e606e9-0664-42fb-a59b-21de306eb530 x_refsource_MISC

Source

cvelistV5-main/cves/2022/2xxx/CVE-2022-2377.json