CVE-2023-1889

EPSS 0.61%
Veröffentlicht 09.06.2023 06:15:58
Zuletzt bearbeitet 08.04.2026 19:18:08
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. Please note CVE-2023-35052 appears to be a duplicate of this issue.

Mögliche Gegenmaßnahme

Directorist: AI-Powered Business Directory, Listings & Classified Ads: Update to version 7.5.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpwax ≫ Directorist SwPlatformwordpress Version <= 7.5.4

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Directorist: AI-Powered Business Directory, Listings & Classified Ads

Version *-7.5.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.444

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
security@wordfence.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://plugins.trac.wordpress.org/changeset/2920100/directorist

Issue Tracking

https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve

Third Party Advisory

https://www.wordfence.com/blog/2023/06/critical-security-update-directorist-wordpress-plugin-patches-two-high-risk-vulnerabilities/

https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1889

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1889

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1889

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1889