CVE-2022-3930 Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

2022-12-1217:54:51

WPScan

www.cve.org

directorist wordpress plugin

idor vulnerability

arbitrary user password update

0.001 Low

EPSS

Percentile

23.5%

JSON

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Directorist",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "7.4.2.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for CVELIST:CVE-2022-3930