Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities

Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in WordPress plugins so we can help developers patch these vulnerabilities before threat actors can exploit them. One such plugin we examined recently is Directorist, a popular tool used by over 10,000 WordPress sites to manage directory listings and classified ads. On April 3, 2023, our team uncovered two significant vulnerabilities – an Arbitrary User Password Reset to Privilege Escalation, and an Insecure Direct Object Reference leading to Arbitrary Post Deletion. Both vulnerabilities were found to affect Directorist versions 7.5.4 and earlier.