Skip to content
Nuclei Templates

WordPress Directorist <7.3.1 - Information Disclosure

ID: CVE-2022-2376

Severity: medium

Author: Random-Robbie

Tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure,wpwax

Description

Section titled “Description”

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.

YAML Source

Section titled “YAML Source”
id: CVE-2022-2376


info:
  name: WordPress Directorist <7.3.1 - Information Disclosure
  author: Random-Robbie
  severity: medium
  description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
  impact: |
    An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks.
  remediation: Fixed in version 7.3.1.
  reference:
    - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2376
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-2376
    cwe-id: CWE-862
    epss-score: 0.03672
    epss-percentile: 0.91725
    cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: wpwax
    product: directorist
    framework: wordpress
  tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure,wpwax


http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'directorist-authors__card__details__top'
          - 'directorist-authors__card__info-list'
        condition: and


      - type: word
        part: header
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 490a00463044022039da2472e035659d8018d74975b2183840f4ed47f926866fb4833c5b602df349022010e2ed84032d9e352dbaeaafa4601f4a15de0738b5a5e849ec17e8e908f3f6c2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-2376.yaml"

View on Github