CVE-2022-2376

Directorist < 7.3.1 - Unauthenticated Email Address Disclosure

Basic Information

CVE State: PUBLISHED
Reserved Date: July 11, 2022
Published Date: September 05, 2022
Last Updated: August 03, 2024
Vendor: Unknown
Product: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Description: The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Tags

CVSS Scores

CVSS v3.1

5.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploit Status

Exploited in the Wild: Yes (2026-03-25 00:00:00 UTC) Source

References

https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-03-25 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-2376.yaml	2025-04-25 00:00:00 UTC

Timeline

CVE ID Reserved

July 11, 2022
CVE Published to Public

September 05, 2022
Detected by Nuclei

April 25, 2025
Added to KEVIntel

March 25, 2026