The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Authentication Bypass
PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%