Directorist Business Directory Plugin Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress, affecting all versions through 8.1. The vulnerability arises from inadequate controls in the password reset functions, which allow unauthenticated attackers to brute-force one-time passwords (OTPs) and change the password of any user, including administrators.
Impact
Exploitation of this vulnerability allows unauthorized password changes, leading to account takeover, including takeover of administrative accounts.
Remediation
Users are advised to update the plugin to version 8.2 or a newer patched version.
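As an added example (not the plugin's code and not its 8.2 patch), the Python sketch below shows the controls whose absence makes a reset OTP brute-forceable: a capped guess count, expiry, and single use. The class name, the 6-digit code length, the 10-minute lifetime and the 5-attempt cap are assumptions, since the advisory states none of these details.

```python
import hashlib
import hmac
import secrets

OTP_DIGITS = 6     # assumed code length; the advisory does not state the plugin's
OTP_TTL = 600      # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 5   # assumed number of wrong guesses before the code is destroyed


class ResetOtpStore:
    """In-memory stand-in for per-user reset state (hypothetical, not plugin code)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side secret for keyed digests
        self._pending = {}  # user -> {"digest", "expires", "failures"}

    def _digest(self, user, code):
        # Keyed digest: the stored state alone does not reveal the live code.
        return hmac.new(self._key, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user, now):
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = {
            "digest": self._digest(user, code),
            "expires": now + OTP_TTL,
            "failures": 0,
        }
        return code  # delivered to the account owner out of band

    def verify(self, user, code, now):
        entry = self._pending.get(user)
        if entry is None:
            return "no_pending_reset"
        if now >= entry["expires"]:
            del self._pending[user]
            return "expired"
        # Constant-time comparison avoids leaking how much of a guess matched.
        if hmac.compare_digest(entry["digest"], self._digest(user, code)):
            del self._pending[user]  # single use: a code cannot be replayed
            return "ok"
        entry["failures"] += 1
        if entry["failures"] >= MAX_ATTEMPTS:
            # Guess budget spent: destroy the code so later guesses cannot succeed.
            del self._pending[user]
            return "locked"
        return "invalid"
```

Because each newly issued code starts with a fresh guess budget, code issuance itself also needs a per-account and per-client rate limit; otherwise repeated reset requests restore the attacker's guesses.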
