CVE-2022-2373

Summary

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address

Affected Software

VendorProductVersion RangeStatus
UnknownSimply Schedule Appointments – WordPress Booking Plugin1.5.7.7 < 1.5.7.7affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References