CVE-2022-2379

CVE-2022-2379: Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

Vendor Unknown
Product Easy Student Results
Weakness CWE-862 · Missing authorization
Published August 15, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc

Key dates

02Disclosure timeline

August 15, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE