.. / CVE-2022-2379

Exploit for WordPress Easy Student Results <=2.2.8 - Improper Authorization (CVE-2022-2379)

Description:

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as email address, physical address, and phone number.

Nuclei Template

View the template here CVE-2022-2379.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-2379.yaml

References:

https://wordpress.org/plugins/easy-student-results/
https://nvd.nist.gov/vuln/detail/CVE-2022-2379
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/soxoj/information-disclosure-writeups-and-pocs
https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6

.. / CVE-2022-2379 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Easy Student Results <=2.2.8 - Improper Authorization (CVE-2022-2379)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-2379