QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2379

Published: Aug 15, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

Vendor	Product	Versions
Unknown	Easy Student Results	affected `2.2.8 - <= 2.2.8`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.