aDirectory WordPress Plugin Missing Authorization Vulnerability Allowing Arbitrary Post Deletion

Vulnerability

A vulnerability exists in the aDirectory WordPress Directory Listing Plugin, specifically in versions through 2.3, where the adqs_delete_listing() function lacks proper capability checks. This flaw enables authenticated users with Subscriber-level access and above to delete any post, including those not associated with them.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of posts, which could include important content or data.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the adqs_delete_listing AJAX action. The request must include a list ID corresponding to the post to be deleted. The absence of a proper authorization check allows the user to delete arbitrary posts.

Remediation

Users are advised to update the aDirectory WordPress Directory Listing Plugin to version 2.3.5 or later.
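
The authorization check that this advisory describes as missing, written as an added example (it is not the plugin's code and not its 2.3.5 fix). It is a must-use plugin that hooks the adqs_delete_listing AJAX action ahead of the plugin's handler. The `listing_id` field name, the `adqs_guard_*` function names, and the owner-or-capable policy are assumptions.

```php
<?php
/**
 * Added example, not aDirectory's code: a must-use plugin that authorizes
 * requests to the adqs_delete_listing AJAX action before the plugin's own
 * handler runs.
 */

// Assumption: the request field carrying the listing's post ID. Placeholder
// name; confirm it against the plugin's own request before relying on this.
const ADQS_GUARD_ID_FIELD = 'listing_id';

// Priority 0 runs ahead of handlers registered at the default priority 10.
add_action( 'wp_ajax_adqs_delete_listing', 'adqs_guard_authorize_delete', 0 );

function adqs_guard_authorize_delete() {
    $post_id = isset( $_POST[ ADQS_GUARD_ID_FIELD ] )
        ? absint( wp_unslash( $_POST[ ADQS_GUARD_ID_FIELD ] ) )
        : 0;
    $post = $post_id ? get_post( $post_id ) : null;

    // Fail closed: no resolvable target means nothing to authorize.
    if ( ! $post ) {
        adqs_guard_deny( $post_id, 'missing or unknown listing id' );
    }

    // Assumed policy: the listing's author, or anyone WordPress already
    // lets delete this specific post (editors, administrators).
    $is_owner   = (int) $post->post_author === get_current_user_id();
    $can_delete = current_user_can( 'delete_post', $post_id );

    if ( ! $is_owner && ! $can_delete ) {
        adqs_guard_deny( $post_id, 'caller may not delete this post' );
    }
    // Authorized: return so the plugin's handler runs next.
}

function adqs_guard_deny( $post_id, $reason ) {
    // Record the attempt for later review.
    error_log( sprintf(
        'adqs_delete_listing denied: user=%d post=%d reason=%s',
        get_current_user_id(), $post_id, $reason
    ) );
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 ); // exits
}
```

The denied-request log lines also give a record of Subscriber-level accounts attempting to delete posts they do not own.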

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.