The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2920100/directorist | Issue Tracking |
https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T05:33:29.454Z
Updated: 2023-06-09T05:33:29.454Z
Reserved: 2023-04-05T15:54:12.176Z
Link: CVE-2023-1889
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-09T06:15:58.690
Modified: 2023-11-07T04:05:17.057
Link: CVE-2023-1889
JSON object: View
Redhat Information
No data.
CWE
No CWE.