CVE-2022-2373

CVE-2022-2373: Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure

Vendor Unknown

Product Simply Schedule Appointments – WordPress Booking Plugin

Weakness CWE-862 · Missing authorization

Published August 29, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Key dates

02Disclosure timeline

August 29, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2373 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-30932 WordPress WP Compress for MainWP plugin <= 6.30.32 - Broken Access Control Vulnerability CVE-2024-54217 WordPress ARForms plugin <= 6.4.1 - Subscriber+ Plugin Settings Change vulnerability CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability CVE-2024-1634 Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection CVE-2025-59416 The Scratch Channel forks can publish articles