CVE-2022-2379

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

Related Vulnerabilities

CVE-2015-20067

HIGH
CVSS:7.5(High)

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...

CWE-8622015

CVE-2017-1002006

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-1002007

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-10846

HIGH
CVSS:7.5(High)

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.

CWE-8622017

CVE-2017-11135

HIGH
CVSS:7.5(High)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore,...

CWE-8622017

CVE-2017-18666

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 201...

CWE-8622017