WordPress Plugin Vulnerabilities

Directorist < 7.5.5 - Subscriber+ Arbitrary User Password Reset to Privilege Escalation

Description

The plugin does not properly validates a user sent a valid password reset token, enabling attackers to take over other user accounts, like administrators.

Affects Plugins

Plugin icon
directorist
Fixed in 7.5.5

References

CVE
CVE-2023-1888
URL
https://www.wordfence.com/blog/2023/06/critical-security-update-directorist-wordpress-plugin-patches-two-high-risk-vulnerabilities/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
Yes
WPVDB ID
bd9bf69e-e3e3-4115-a662-79326908f768

Timeline

Publicly Published
2023-06-07 (about 2 years ago)
Added
2023-06-07 (about 2 years ago)
Last Updated
2023-06-07 (about 2 years ago)

Other

Published
Title
Published
2024-11-22
Title
WPGYM < 67.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Published
2019-08-03
Title
Travel Management < 1.7 - Unauthenticated Options Change
Published
2024-10-25
Title
Exam Matrix <= 1.5 - Unauthenticated Privilege Escalation
Published
2025-05-06
Title
Woocommerce Multiple Addresses <= 1.0.7.1 - Authenticated (Subscriber+) Privilege Escalation
Published
2026-05-01
Title
Import and export users and customers < 2.0.9 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields