CVE-2022-2379
First published: Mon Aug 15 2022(Updated: )
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Easy Student Results Project Easy Student Results | <=2.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-2379?
CVE-2022-2379 is a vulnerability in the Easy Student Results WordPress plugin through version 2.2.8 that lacks authorization in its REST API, allowing unauthenticated users to retrieve sensitive information.
What is the severity of CVE-2022-2379?
The severity of CVE-2022-2379 is high, with a severity value of 7.5.
How does CVE-2022-2379 affect the Easy Student Results WordPress plugin?
CVE-2022-2379 affects the Easy Student Results WordPress plugin through version 2.2.8 by allowing unauthenticated users to access sensitive data.
How can the Easy Student Results WordPress plugin be fixed?
To fix the Easy Student Results WordPress plugin, upgrade to a version higher than 2.2.8 that includes proper authorization checks in its REST API.
What is the CWE ID of CVE-2022-2379?
CVE-2022-2379 is associated with CWE ID 862.
- collector/nvd-index
- vendor/easy student results project
- canonical/easy student results project easy student results
- version/easy student results project easy student results/2.2.8