The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.
Metrics
Affected Vendors & Products
References
History
Sat, 21 Dec 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T05:33:29.454Z
Updated: 2024-12-20T23:36:37.060Z
Reserved: 2023-04-05T15:54:12.176Z
Link: CVE-2023-1889
Vulnrichment
Updated: 2024-08-02T06:05:26.769Z
NVD
Status : Modified
Published: 2023-06-09T06:15:58.690
Modified: 2024-11-21T07:40:05.513
Link: CVE-2023-1889
Redhat
No data.