CVE-2023-1888
Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation
| CVSS Score | 8.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.
| CWE | CWE-20 |
| Vendor | wpwax |
| Product | directorist: ai-powered business directory, listings & classified ads |
| Published | Jun 9, 2023 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
wpwax / Directorist: AI-Powered Business Directory, Listings & Classified Ads
0 ≤ 7.5.4
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/01943559-e05b-4dca-b322-d880b2729ee7?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2920100/directorist
wordfence.com: https://www.wordfence.com/blog/2023/06/critical-security-update-directorist-wordpress-plugin-patches-two-high-risk-vulnerabilities/
Credits
Alex Thomas