CVE-2022-2376: 
WordPress vulnerability analysis and mitigation

CVE-2022-2376 is a security vulnerability affecting the Directorist WordPress plugin versions prior to 7.3.1. The vulnerability was discovered and publicly disclosed on August 10, 2022, by security researcher Krzysztof Zając (WPScan).

The vulnerability is classified as a Broken Access Control issue (OWASP Top 10 A5) with a CVSS score of 5.3 (Medium). The security flaw allows for unauthorized disclosure of email addresses through an AJAX action that is accessible to both unauthenticated and authenticated users. The vulnerable endpoint can be accessed via the path '/wp-admin/admin-ajax.php?action=directoristauthorpagination' (WPScan).

The vulnerability allows unauthorized access to user email addresses stored in the Directorist plugin. This information disclosure could potentially be exploited for spam campaigns, phishing attacks, or other malicious activities targeting the exposed email addresses (WPScan).

The vulnerability has been patched in Directorist version 7.3.1. Users are strongly advised to update their installations to this version or later to protect against unauthorized email address disclosure (WPScan).