The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-08-15T08:37:23
Updated: 2022-08-15T08:37:23
Reserved: 2022-07-11T00:00:00
Link: CVE-2022-2379
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-15T11:21:23.480
Modified: 2022-08-16T17:08:22.703
Link: CVE-2022-2379
JSON object: View
Redhat Information
No data.
CWE