First published: Mon Aug 15 2022
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams and departments, as well as students' grades and PII such as email address, physical address, phone number, etc.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Easy Student Results Project Easy Student Results | <=2.2.8 |
CVE-2022-2379 is a vulnerability in the Easy Student Results WordPress plugin through version 2.2.8 that lacks authorization in its REST API, allowing unauthenticated users to retrieve sensitive information.
The severity of CVE-2022-2379 is high, with a severity value of 7.5.
CVE-2022-2379 affects the Easy Student Results WordPress plugin through version 2.2.8 by allowing unauthenticated users to access sensitive data.
To fix the Easy Student Results WordPress plugin, upgrade to a version higher than 2.2.8 that includes proper authorization checks in its REST API.
CVE-2022-2379 is associated with CWE ID 862.
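The missing-authorisation class described above (CWE-862) can be checked for in plugin source before deployment: in WordPress, a route registered with no `permission_callback`, or with `__return_true`, is served to unauthenticated callers. The following is an added example, not code from the plugin or from this advisory, and the page does not say which pattern the plugin used. The sample PHP, the `example-results/v1` namespace, the routes and the callback names are constructed for illustration.

```python
import re

# Constructed sample source; the namespace, routes and callbacks are hypothetical.
SAMPLE_PHP = r"""
register_rest_route('example-results/v1', '/students', array(
    'methods'  => 'GET',
    'callback' => 'example_get_students',
));
register_rest_route('example-results/v1', '/exams', array(
    'methods'             => 'GET',
    'callback'            => 'example_get_exams',
    'permission_callback' => '__return_true',
));
register_rest_route('example-results/v1', '/grades', array(
    'methods'             => 'GET',
    'callback'            => 'example_get_grades',
    'permission_callback' => function () { return current_user_can('manage_options'); },
));
"""

def call_args(src, start):
    """Return the argument text of the call whose '(' is at src[start]."""
    depth = 0
    for i in range(start, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[start + 1:i]
    return src[start + 1:]  # unbalanced input: use the rest of the file

def audit_rest_routes(src):
    """Classify each register_rest_route() call by its permission_callback."""
    findings = {}
    for m in re.finditer(r"register_rest_route\s*\(", src):
        args = call_args(src, m.end() - 1)
        quoted = re.findall(r"""['"]([^'"]*)['"]""", args)
        route = "".join(quoted[:2])  # namespace + route pattern
        perm = re.search(r"""['"]permission_callback['"]\s*=>\s*(['"]__return_true['"])?""", args)
        if perm is None:
            findings[route] = "missing"  # no authorisation hook at all
        elif perm.group(1):
            findings[route] = "public"   # explicitly open to everyone
        else:
            findings[route] = "checked"  # a callback exists; review what it tests
    return findings

if __name__ == "__main__":
    for route, status in audit_rest_routes(SAMPLE_PHP).items():
        print(f"{status:8} {route}")
```

A `checked` result only means a callback is present; whether it tests the right capability for student records still needs manual review.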