CVE-2022-2377

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-2377

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2377.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2377

Published

2022-08-22T15:15:14.733Z

Modified

2026-04-10T04:45:05.001943Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog

References

https://wpscan.com/vulnerability/f4e606e9-0664-42fb-a59b-21de306eb530

Affected packages

Git / github.com/sovware/directorist

Affected ranges

Type

GIT

Repo

https://github.com/sovware/directorist

Events

Introduced

Fixed

3c07f8a6e9adbc21114e48d64ecb5f92ef7a4e12

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.3.0"
        }
    ]
}

Affected versions

released-v7.*

released-v7.0.4

v7.*

v7.0

v7.0.3.2

v7.0.3.3

v7.0.4.1

v7.0.5

v7.0.5.1

v7.0.5.2

v7.0.5.3

v7.0.5.4

v7.0.5.6

v7.0.6

v7.0.6.1

v7.0.6.2

v7.0.6.3

v7.0.7

v7.0.8

v7.1.0

v7.1.1

v7.1.2

v7.2.0

v7.2.1

v7.2.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2377.json"