Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.
AnalysisAI
Remote unauthenticated attackers can escalate privileges to administrator level in Directorist Social Login WordPress plugin versions prior to 2.1.4 through incorrect privilege assignment during social authentication flows. Exploitation requires no authentication or user interaction, enabling complete site takeover via social login mechanisms. CVSS 9.8 (Critical) reflects network-based attack vector with no complexity barriers. No public exploit code or CISA KEV listing identified at time of analysis, but Patchstack reporting suggests vulnerability may be under researcher scrutiny.
Technical ContextAI
Directorist Social Login is a WordPress plugin (CPE: cpe:2.3:a:directorist:directorist_social_login) that integrates third-party social authentication providers (Google, Facebook, Twitter, etc.) for user registration and login. The vulnerability stems from CWE-266 (Incorrect Privilege Assignment), a class of flaws where applications fail to properly validate or restrict privilege levels during authentication or authorization operations. In WordPress context, this typically manifests when social login callbacks incorrectly assign user roles - such as granting 'administrator' instead of 'subscriber' - due to missing validation of OAuth response data, insufficient role mapping logic, or failure to sanitize user metadata from social providers. The CVSS:3.1 vector AV:N/AC:L/PR:N/UI:N indicates the flaw is exploitable remotely without requiring existing credentials or victim interaction, suggesting the privilege escalation occurs during the initial social login account creation or linking process rather than requiring an existing authenticated session.
RemediationAI
Upgrade Directorist Social Login plugin to version 2.1.4 or later immediately via WordPress admin dashboard (Plugins → Installed Plugins → Update) or manual installation from WordPress.org repository. Vendor-released patch in version 2.1.4 addresses incorrect privilege assignment during social authentication flows. Post-upgrade, audit existing user accounts created via social login for unauthorized administrator-level accounts: review Users → All Users for recently created admin accounts without legitimate business justification, and demote or delete suspicious accounts. If immediate patching is not feasible, disable all social login functionality as compensating control: deactivate Directorist Social Login plugin entirely or disable specific OAuth providers in plugin settings (Directorist → Settings → Social Login) - this prevents exploitation but breaks legitimate social login workflows for end users. For high-risk environments, consider temporarily restricting wp-login.php and wp-admin access to trusted IP addresses via web server rules until patch deployment is complete. Review web server access logs for anomalous social login callback requests (wp-admin/admin-ajax.php or plugin-specific OAuth endpoints) in the 30 days prior to patching to identify potential compromise. No workaround maintains social login functionality while mitigating the vulnerability - upgrade is the only complete remediation.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25814