WordPress Plugin Vulnerabilities

Directorist < 7.9.0 - Missing Authorization

Description

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.8.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
directorist
Fixed in 7.9.0

References

CVE
CVE-2024-33929
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0655cd61-8ebe-47f8-a21b-6311c98a7193

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
ab85e38c-bfd5-438b-9660-d6331a7b6a76

Timeline

Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-05-07 (about 2 years ago)
Last Updated
2024-05-07 (about 2 years ago)

Other

Published
Title
Published
2025-04-24
Title
WS Form LITE – Drag & Drop Contact Form Builder for WordPress < 1.10.36 - Missing Authorization to Unauthenticated Sensitive Information Exposure
Published
2025-01-06
Title
CubeWP Forms <= 1.1.10 - Missing Authorization
Published
2025-12-02
Title
Tiktok Feed < 1.0.24 - Missing Authorization
Published
2026-05-13
Title
InfusedWoo Pro < 5.1.3 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta Update
Published
2025-03-04
Title
Zass - WooCommerce Theme for Handmade Artists and Artisans <= 3.9.9.10 - Missing Authorization to Authenticated (Subscriber+) Demo Import