WordPress Plugin Vulnerabilities

WP Directory Kit < 1.2.3 - Unauthenticated Arbitrary Settings Update

Description

The plugin does not properly implement a capability check on the 'ajax_public' function, allowing unauthenticated users to modify plugin settings, import demo data, delete related posts and terms, and install arbitrary plugins.

Affects Plugins

Plugin icon
wpdirectorykit
Fixed in 1.2.3

References

CVE
CVE-2023-2280
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpdirectorykit/wp-directory-kit-122-missing-authorization-to-plugin-settings-changedelete-demo-import-directory-kit-deletion-via-wdk-public-action

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Ramuel Gall, Lana Codes
Verified
No
WPVDB ID
2662a337-2615-4719-9e7a-6e8b87c6cead

Timeline

Publicly Published
2023-05-02 (about 3 years ago)
Added
2023-06-09 (about 2 years ago)
Last Updated
2023-06-09 (about 2 years ago)

Other

Published
Title
Published
2024-01-05
Title
ActivityPub for WordPress < 1.0.6 - Unauthenticated REST API Access
Published
2023-07-18
Title
Easy Captcha <= 1.0 - Missing Authorization
Published
2025-10-17
Title
WPC Smart Wishlist for WooCommerce < 5.0.5 - Missing Authorization to Authenticated (Subscriber+) Information Exposure
Published
2024-06-27
Title
Progress Planner < 0.9.2 - Missing Authorization
Published
2023-06-12
Title
WP Directory Kit < 1.2.4 - Missing Authorization for Plugin Settings Update