Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.
AnalysisAI
DirectoryPress WordPress plugin versions 3.6.26 and earlier expose sensitive system information through an information disclosure vulnerability that allows unauthenticated remote attackers to retrieve embedded sensitive data with high attack complexity. The vulnerability has a CVSS score of 4.0 with low confidentiality impact and affects the scope beyond the vulnerable component. No public exploit code or active exploitation has been identified at the time of analysis, though the EPSS score of 0.02% suggests minimal real-world exploitation likelihood.
Technical ContextAI
This vulnerability is classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), a common weakness in web applications where sensitive data becomes accessible outside its intended protective boundary. In the context of DirectoryPress, a WordPress directory plugin, the vulnerability likely stems from improper access controls or data filtering mechanisms that expose system or configuration information through an API endpoint, page parameter, or embedded data structure accessible without authentication. The attack requires high complexity (AC:H) despite network accessibility, suggesting the vulnerability may require specific conditions, unusual request formats, or timing to exploit. The confidentiality impact is limited (C:L) and does not affect integrity or availability, indicating the exposure is read-only and restricted in scope.
RemediationAI
Users should update DirectoryPress to a version newer than 3.6.26 as soon as a patched release becomes available from Designinvento. Monitor the Patchstack vulnerability database and the official DirectoryPress plugin repository for patch availability announcements. As an interim measure, restrict access to the DirectoryPress plugin through Web Application Firewall rules or network controls if the exposed endpoint or parameter can be identified. Disable the plugin entirely if it is non-critical to operations until a patch is available. Audit any systems running DirectoryPress to determine if sensitive information has been exposed through this vector.
More in Directorypress
View allImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento Dire
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento Dire
The DirectoryPress - Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Sit
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20213
GHSA-qg69-99hf-gx2w