3 matches found
SUSE CVE-2022-3930
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...
CVE-2022-3930 Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own...
CVE-2022-3930
The CVE-2022-3930 entry concerns the Directorist WordPress plugin, where versions prior to 7.4.2.2 are vulnerable to an IDOR flaw that lets an attacker change the password for arbitrary users (not necessarily their own). The vulnerability is triggered through insufficient access control over user...