CVE-2022-2379

Name of the Vulnerable Software and Affected Versions Easy Student Results WordPress plugin versions 2.2.8 and earlier

Description The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive information, including data related to courses, exams, departments, student grades, and personally identifiable information (PII) such as email addresses, physical addresses, and phone numbers.

Recommendations For Easy Student Results WordPress plugin versions 2.2.8 and earlier, consider disabling the REST API until a patch is available to prevent unauthorized access to sensitive information. Restrict access to the plugin's API endpoints to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.