Directorist
CVE-2022-3930
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
AnalysisAI
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. Affected products include: Wpwax Directorist. Version information: before 7.4.2.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Directorist
View allThe Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leadi
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessi
PHP Object Injection in the wpWax Directorist WordPress plugin (all versions through 8.8.2) lets remote attackers pass u
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to bo
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor direc
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including,
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing an
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and includi
The Directorist - WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to
Broken access control in wpWax Directorist WordPress plugin versions up to 8.5.10 allows unauthenticated remote attacker
The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vul
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today