What is the CVSS score of CVE-2026-22337?

CVE-2026-22337 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Directorist Social Login are affected by CVE-2026-22337?

CVE-2026-22337 affects the Directorist Social Login WordPress plugin (versions before 2.1.4) and allows unauthenticated remote attackers to gain administrator-level access through a privilege…. A patch is available.

Directorist Social Login CVE-2026-22337

EUVD-2026-25814 CRITICAL

Incorrect Privilege Assignment (CWE-266)

2026-04-27 Patchstack

Privilege Escalation

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 18:52 vuln.today

cvss_changed

Patch released

Apr 27, 2026 - 18:37 nvd

Patch available

Apr 27, 2026 - 12:01 EUVD

Analysis Generated

Apr 27, 2026 - 11:30 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 11:00 euvd

EUVD-2026-25814

Analysis Generated

Apr 27, 2026 - 11:00 vuln.today

CVE Published

Apr 27, 2026 - 10:31 nvd

CRITICAL 9.8

DescriptionNVD

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.

AnalysisAI

Remote unauthenticated attackers can escalate privileges to administrator level in Directorist Social Login WordPress plugin versions prior to 2.1.4 through incorrect privilege assignment during social authentication flows. Exploitation requires no authentication or user interaction, enabling complete site takeover via social login mechanisms. …

RemediationAI

Within 24 hours: Identify all WordPress instances running Directorist Social Login plugin and document current versions; disable or deactivate the plugin immediately if versions prior to 2.1.4 are confirmed. Within 7 days: Contact the plugin vendor for patch availability timeline; evaluate alternative social login solutions if patching is delayed. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-22337 vulnerability details – vuln.today

Back

Directorist Social Login CVE-2026-22337

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code