{"id":"CVE-2022-2377","details":"The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog.","modified":"2026-04-10T04:45:05.001943Z","published":"2022-08-22T15:15:14.733Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/f4e606e9-0664-42fb-a59b-21de306eb530"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sovware/directorist","events":[{"introduced":"0"},{"fixed":"3c07f8a6e9adbc21114e48d64ecb5f92ef7a4e12"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.3.0"}]}}],"versions":["released-v7.0.4","v7.0","v7.0.3.2","v7.0.3.3","v7.0.4.1","v7.0.5","v7.0.5.1","v7.0.5.2","v7.0.5.3","v7.0.5.4","v7.0.5.6","v7.0.6","v7.0.6.1","v7.0.6.2","v7.0.6.3","v7.0.7","v7.0.8","v7.1.0","v7.1.1","v7.1.2","v7.2.0","v7.2.1","v7.2.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2377.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}