{"id":"CVE-2022-2376","details":"The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users","modified":"2026-04-12T02:50:53.592733Z","published":"2022-09-05T13:15:08.277Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sovware/directorist","events":[{"introduced":"0"},{"fixed":"3f6d887a95ab7db278c979b576d82444db45943e"}],"database_specific":{"cpe":"cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"7.3.1"}]}}],"versions":["released-v7.0.4","v7.0","v7.0.3.2","v7.0.3.3","v7.0.4.1","v7.0.5","v7.0.5.1","v7.0.5.2","v7.0.5.3","v7.0.5.4","v7.0.5.6","v7.0.6","v7.0.6.1","v7.0.6.2","v7.0.6.3","v7.0.7","v7.0.8","v7.1.0","v7.1.1","v7.1.2","v7.2.0","v7.2.1","v7.2.2","v7.3.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2376.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}