.. / CVE-2022-2376

Exploit for WordPress Directorist <7.3.1 - Information Disclosure (CVE-2022-2376)

Description:

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.

Nuclei Template

View the template here CVE-2022-2376.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-2376.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2376
https://nvd.nist.gov/vuln/detail/CVE-2022-2376
https://github.com/ARPSyndicate/kenzer-templates
https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad

.. / CVE-2022-2376 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Directorist <7.3.1 - Information Disclosure (CVE-2022-2376)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-2376