Directorist WordPress Plugin Missing Authorization Vulnerability Allows Unauthenticated Post Publishing

A vulnerability exists in the Directorist WordPress plugin, specifically in the 'Add Listing' feature, all versions through 8.2. The issue arises from a missing capability check in the 'parse_query' function, which allows unauthenticated users to change the post status of any listing to 'publish'. This unauthorized access and data modification could lead to misuse of the listing feature, such as publishing inappropriate or spam content.

Impact

Exploitation of this vulnerability allows for unauthorized publishing of posts, potentially leading to spam or malicious content being displayed on the site.

Reproduction

The vulnerability can be reproduced by sending a request to the WordPress site with the 'add_listing_action' AJAX action. This can be done without any authentication, such as a logged-in user or an API key. The request must include the listing data, such as the title, content, and any other required fields. Once the request is processed, the listing will be published immediately, bypassing any normal authorization checks.

Remediation

Users are advised to update the Directorist WordPress plugin to version 8.3 or later, where this vulnerability has been patched.