CVE-2026-39509 WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.5.10...

CVE-2025-68069

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-68069 WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Directorist versions = 8.5.10...

CVE-2025-1570

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...

CVE-2025-64250 WordPress Directorist plugin <= 8.6.6 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in wpWax Directorist directorist allows Phishing.This issue affects Directorist: from n/a through = 8.6.6...

WordPress Directorist plugin <= 8.5.10 - Open Redirection vulnerability

Open Redirection vulnerability discovered by daroo in WordPress Plugin Directorist versions = 8.5.10...

CVE-2025-12174

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

EUVD-2025-198120

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

CVE-2025-12174

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

CVE-2025-12174

CVE-2025-12174 (Directorist WordPress plugin) : A missing capability check on directorist_prepare_listings_export_file and directorist_type_slug_change AJAX actions in all versions up to 8.5.2 allows authenticated users with Subscriber+ permissions to export listings and update slugs. This is a d...

CVE-2025-12174 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

PT-2025-47428

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist prepare listings export file' and 'directorist type slug change' AJAX actions in all versions up to, a...

WordPress Directorist plugin <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability

Missing Authorization to Authenticated Subscriber+ Data Export and Slug Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Directorist versions = 8.5.2...

CVE-2025-10488

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

WordPress plugin Directorist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2025-35929

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

CVE-2025-10488

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

CVE-2025-10488

CVE-2025-10488 — Directorist (WordPress)