Skip to main content

Directorist CVE-2025-1570

HIGH
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
2025-02-28 security@wordfence.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
CVE Published
Feb 28, 2025 - 09:15 nvd
HIGH 8.1

DescriptionCVE.org

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.

AnalysisAI

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-640. The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator. Affected products include: Wpwax Directorist.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-24981 HIGH POC
7.5 Dec 21

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leadi

CVE-2022-3961 MEDIUM POC
6.5 Dec 19

The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessi

CVE-2022-3930 MEDIUM POC
6.5 Dec 12

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to chan

CVE-2026-59518 CRITICAL
9.8 Jul 13

PHP Object Injection in the wpWax Directorist WordPress plugin (all versions through 8.8.2) lets remote attackers pass u

CVE-2022-2376 MEDIUM POC
5.3 Sep 05

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to bo

CVE-2022-2046 MEDIUM POC
4.9 Aug 08

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor direc

CVE-2023-1888 HIGH
8.8 Jun 09

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including,

CVE-2022-2377 MEDIUM POC
4.3 Aug 22

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing an

CVE-2023-1889 MEDIUM
6.5 Jun 09

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and includi

CVE-2024-1322 MEDIUM
5.3 Feb 29

The Directorist - WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to

CVE-2026-39509 MEDIUM
5.3 Apr 08

Broken access control in wpWax Directorist WordPress plugin versions up to 8.5.10 allows unauthenticated remote attacker

CVE-2024-12041 MEDIUM
5.3 Feb 01

The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vul

Share

CVE-2025-1570 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy