Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings < 8.1 – Unauthenticated User Information Exposure | CVE 2024-12041 | Plugin Vulnerabilities

Description

The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.

Affects Plugins

Fixed in 8.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

shaman0x01

Verified

No

WPVDB ID

118daa30-5d78-4994-9972-bc57a8df9b72

Timeline

Publicly Published

2025-01-31 (about 1 year ago)

Added

2025-02-04 (about 1 year ago)

Last Updated

2025-02-04 (about 1 year ago)

Other

Published

Title

Published

2021-09-29

Title

Credova_Financial < 1.4.9 - Sensitive Information Disclosure

Published

2024-11-14

Title

Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders < 6.0.10 - Authenticated (Contributor+) Sensitive Information Exposure

Published

2025-07-16

Title

JetSmartFilters < 3.6.7.1 - Authenticated (Subscriber+) Sensitive Information Exposure

Published

2025-10-31

Title

WP Discourse < 2.6.0 - Authenticated (Author+) Information Exposure

Published

2024-05-14

Title

Contact Form Widget < 1.4.0 - Sensitive Information Exposure