nvd-json-data-feeds/CVE-2022/CVE-2022-23xx/CVE-2022-2379.json

{
  "id": "CVE-2022-2379",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2022-08-15T11:21:23.480",
  "lastModified": "2022-08-16T17:08:22.703",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc"
    },
    {
      "lang": "es",
      "value": "El plugin Easy Student Results de WordPress versiones hasta 2.2.8, carece de autorizaci\u00f3n en su API REST, lo que permite a usuarios no autenticados recuperar informaci\u00f3n relacionada con los cursos, los ex\u00e1menes, los departamentos, as\u00ed como las calificaciones de los estudiantes y la informaci\u00f3n personal como la direcci\u00f3n de correo electr\u00f3nico, la direcci\u00f3n f\u00edsica, el n\u00famero de tel\u00e9fono, etc."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "contact@wpscan.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:easy_student_results_project:easy_student_results:*:*:*:*:*:wordpress:*:*",
              "versionEndIncluding": "2.2.8",
              "matchCriteriaId": "891AA51C-F51F-4DB9-B693-28AC2BD77BB4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}