3 matches found
CVE-2023-1888
The CVE-2023-1888 entry concerns the WordPress Directorist plugin (versions up to 7.5.4). The vulnerability is an authentication-related flaw in login.php enabling an arbitrary user password reset by an authenticated user with subscriber-level permissions, potentially leading to privilege escalat...
CVE-2023-1888 Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset th...
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Privilege Escalation
Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-1888 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3e2d4eebdb38 Credits Alex Thomas Required privilege...