4 matches found
CVE-2025-1570
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...
CVE-2025-1570
creationtimestamp| type| source ---|---|--- 2025-02-28 09:27:28+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5857 2025-02-28 10:00:46+00:00| seen| Telegram/tzst3T7SuESeL4Dw73eYpZnj8xogMY6-vkCUQFTMfYlq5w 2025-02-28 11:10:18+00:00| seen| https://t.me/cvedetector/19132 2025-02-28 11:48:48+00:0...
CVE-2025-1570
CVE-2025-1570 : Directorist – AI-Powered Business Directory Plugin for WordPress suffers privilege escalation via account takeover in all versions up to and including 8.1. The root cause is inadequate controls in directorist_generate_password_reset_pin_code() and reset_user_password() that permit...
CVE-2025-1570 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...