Skip to main content

Directorist Social Login

1 CVEs product

Monthly

CVE-2026-22337 CRITICAL PATCH Act Now

Remote unauthenticated attackers can escalate privileges to administrator level in Directorist Social Login WordPress plugin versions prior to 2.1.4 through incorrect privilege assignment during social authentication flows. Exploitation requires no authentication or user interaction, enabling complete site takeover via social login mechanisms. CVSS 9.8 (Critical) reflects network-based attack vector with no complexity barriers. No public exploit code or CISA KEV listing identified at time of analysis, but Patchstack reporting suggests vulnerability may be under researcher scrutiny.

Privilege Escalation Directorist Social Login
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote unauthenticated attackers can escalate privileges to administrator level in Directorist Social Login WordPress plugin versions prior to 2.1.4 through incorrect privilege assignment during social authentication flows. Exploitation requires no authentication or user interaction, enabling complete site takeover via social login mechanisms. CVSS 9.8 (Critical) reflects network-based attack vector with no complexity barriers. No public exploit code or CISA KEV listing identified at time of analysis, but Patchstack reporting suggests vulnerability may be under researcher scrutiny.

Privilege Escalation Directorist Social Login
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy