The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.
History

Sat, 21 Dec 2024 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-09T05:33:29.454Z

Updated: 2024-12-20T23:36:37.060Z

Reserved: 2023-04-05T15:54:12.176Z

Link: CVE-2023-1889

cve-icon Vulnrichment

Updated: 2024-08-02T06:05:26.769Z

cve-icon NVD

Status : Modified

Published: 2023-06-09T06:15:58.690

Modified: 2024-11-21T07:40:05.513

Link: CVE-2023-1889

cve-icon Redhat

No data.