cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1322,https://securityvulnerability.io/vulnerability/CVE-2024-1322,Unauthorized Modification of Data in The Directorist Plugin Due to Missing Capability Check,"The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.",Wordpress,Directorist – WordPress Business Directory Plugin with Classified Ads Listings,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-41798,https://securityvulnerability.io/vulnerability/CVE-2023-41798,WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection,"A vulnerability exists in the wpWax Directorist – WordPress Business Directory Plugin that allows for improper neutralization of formula elements in CSV files. This can lead to potential security risks where an attacker may exploit this issue by crafting malicious CSV files that could execute unintended commands when opened. Affected versions of the wpWax Directorist plugin are vulnerable, enabling attackers to manipulate data and potentially expose sensitive information.",Wordpress,Directorist – WordPress Business Directory Plugin with Classified Ads Listings,8.8,HIGH,0.0008900000248104334,false,,false,false,false,,false,false,2023-11-07T18:15:00.000Z,0
CVE-2023-1888,https://securityvulnerability.io/vulnerability/CVE-2023-1888,Arbitrary User Password Reset Vulnerability in Directorist Plugin for WordPress,"The Directorist plugin for WordPress contains a vulnerability that allows authenticated users with subscriber-level permissions and higher to reset any user's password. This flaw, stemming from insufficient validation checks in login.php, poses a significant security risk as it could enable attackers to gain unauthorized access and elevate their privileges, potentially taking control over the targeted accounts. Users of versions up to and including 7.5.4 are strongly advised to update their installations to mitigate this threat.",Wordpress,Directorist – WordPress Business Directory Plugin With Classified Ads Listings,8.8,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-1889,https://securityvulnerability.io/vulnerability/CVE-2023-1889,Insecure Direct Object Reference in Directorist Plugin for WordPress,"The Directorist plugin in WordPress is susceptible to an Insecure Direct Object Reference, allowing authenticated attackers with subscriber-level permissions or higher to delete arbitrary posts. This vulnerability arises from inadequate validation and authorization checks within the listing_task function. Developers are urged to update to the latest version to mitigate these security risks.",Wordpress,Directorist – WordPress Business Directory Plugin with Classified Ads Listings,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2022-2376,https://securityvulnerability.io/vulnerability/CVE-2022-2376,Directorist < 7.3.1 - Unauthenticated Email Address Disclosure,The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users,Wordpress,Directorist – WordPress Business Directory Plugin With Classified Ads Listings,5.3,MEDIUM,0.03238999843597412,false,,false,false,false,,false,false,2022-09-05T12:35:19.000Z,0
CVE-2022-2377,https://securityvulnerability.io/vulnerability/CVE-2022-2377,Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending,"The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog",Wordpress,Directorist – WordPress Business Directory Plugin With Classified Ads Listings,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-22T15:02:09.000Z,0
CVE-2022-2046,https://securityvulnerability.io/vulnerability/CVE-2022-2046,Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload,"The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.",Wordpress,Directorist – WordPress Business Directory Plugin With Classified Ads Listings,4.9,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-08T13:46:03.000Z,0
CVE-2021-24981,https://securityvulnerability.io/vulnerability/CVE-2021-24981,Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload,The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.,Wordpress,Directorist – Business Directory Plugin,7.5,HIGH,0.0049299998208880424,false,,false,false,false,,false,false,2021-12-21T08:45:40.000Z,0