{"containers": {"cna": {"affected": [{"product": "Easy Student Results", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "2.2.8", "status": "affected", "version": "2.2.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Raad Haddad"}], "descriptions": [{"lang": "en", "value": "The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-15T08:37:23.000Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6"}], "source": {"discovery": "EXTERNAL"}, "title": "Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2379", "STATE": "PUBLIC", "TITLE": "Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Easy Student Results", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.2.8", "version_value": "2.2.8"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Raad Haddad"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:06.362Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2379", "datePublished": "2022-08-15T08:37:23.000Z", "dateReserved": "2022-07-11T00:00:00.000Z", "dateUpdated": "2024-08-03T00:39:06.362Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:easy_student_results_project:easy_student_results:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "891AA51C-F51F-4DB9-B693-28AC2BD77BB4", "versionEndIncluding": "2.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc"}, {"lang": "es", "value": "El plugin Easy Student Results de WordPress versiones hasta 2.2.8, carece de autorizaci\u00f3n en su API REST, lo que permite a usuarios no autenticados recuperar informaci\u00f3n relacionada con los cursos, los ex\u00e1menes, los departamentos, as\u00ed como las calificaciones de los estudiantes y la informaci\u00f3n personal como la direcci\u00f3n de correo electr\u00f3nico, la direcci\u00f3n f\u00edsica, el n\u00famero de tel\u00e9fono, etc."}], "id": "CVE-2022-2379", "lastModified": "2024-11-21T07:00:52.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-15T11:21:23.480", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Secondary"}]}

{}

{}