3 matches found
CVE-2023-1889
The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-1889
The Directorist WordPress plugin (versions up to and including 7.5.4) is affected by an Insecure Direct Object Reference in the listing_task function. The issue arises from insufficient validation/authorization, enabling authenticated users with subscriber-level permissions and higher to delete a...
WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control
Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1889 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 3d986c80db6c Credits Alex Thomas Required privilege...