WordPress aDirectory Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WordPress aDirectory plugin, affecting versions through 3.0.3. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

Impact

Exploitation of this vulnerability could enable an unprivileged user to execute actions with elevated privileges, potentially leading to unauthorized access or modifications.

Remediation

Users of the aDirectory WordPress plugin should update to version 3.0.4 or later. Patchstack users can activate auto-update for vulnerable plugins.