Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
AnalysisAI
Broken access control in wpWax Directorist WordPress plugin versions up to 8.5.10 allows unauthenticated remote attackers to modify data through incorrectly configured authorization checks. The vulnerability exploits missing permission validation on plugin functionality, enabling unauthorized state changes without authentication or user interaction. With EPSS at 0.02% and no public exploit code identified, real-world risk remains low despite network-accessible exploitation.
Technical ContextAI
Directorist is a WordPress directory plugin developed by wpWax that manages business listings, classifications, and user profiles. The vulnerability stems from CWE-862 (Missing Authorization), a fundamental access control flaw where the plugin fails to verify that a user has permission to perform requested actions before executing them. This likely occurs in WordPress REST API endpoints or form handlers that lack proper capability checks (such as current_user_can() verification or nonce validation), allowing the plugin to process state-modifying requests from unauthenticated sources. The affected CPE cpe:2.3:a:wpwax:directorist:*:*:*:*:*:*:*:* indicates all versions through 8.5.10 are impacted.
RemediationAI
Update the Directorist plugin to a patched version released after 8.5.10; check the official wpWax GitHub repository or WordPress.org plugin page for the latest available release. As a temporary mitigation, administrators can restrict direct access to plugin endpoints via Web Application Firewall (WAF) rules or limit REST API exposure until patching is completed. Refer to the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/directorist/vulnerability/wordpress-directorist-plugin-8-5-10-broken-access-control-vulnerability?_s_id=cve) for detailed patching instructions and follow wpWax's official security notices for confirmation of fixed versions.
More in Directorist
View allThe Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leadi
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessi
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to chan
PHP Object Injection in the wpWax Directorist WordPress plugin (all versions through 8.8.2) lets remote attackers pass u
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to bo
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor direc
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including,
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing an
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and includi
The Directorist - WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to
The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vul
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20176
GHSA-rjr9-fgqp-jmc9