CVE-2022-2376

CVE-2022-2376: Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

Vendor Unknown

Product Directorist – WordPress Business Directory Plugin with Classified Ads Listings

Weakness CWE-862 · Missing authorization

Published September 5, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users

Key dates

02Disclosure timeline

September 5, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2376 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2026-26979 Discourse: TL4 users are able to change status of restricted topics CVE-2017-2652 CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route CVE-2025-58193 WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability CVE-2026-47728 Bugsink: Project scoping missing in sourcemap and debug-file lookup