Vulnerabilities and security researches fordirectorist directorist

Direction: ascending

Jun 07, 2024

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2046

CVE, Research URL: CVE-2022-2046
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Aug 08, 2022
Research Description: The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.
Affected versions: max 7.2.3.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2377

CVE, Research URL: CVE-2022-2377
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Aug 22, 2022
Research Description: The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog
Affected versions: max 7.3.0.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-3930

CVE, Research URL: CVE-2022-3930
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Dec 12, 2022
Research Description: The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
Affected versions: max 7.4.2.2.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-1888

CVE, Research URL: CVE-2023-1888
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Jun 09, 2023
Research Description: The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.
Affected versions: max 7.5.5.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-1889

CVE, Research URL: CVE-2023-1889
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Jun 09, 2023
Research Description: The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.
Affected versions: max 7.5.5.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-2252

CVE, Research URL: CVE-2023-2252
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Jan 16, 2024
Research Description: The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.
Affected versions: max 7.7.2.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2021-24981

CVE, Research URL: CVE-2021-24981
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Dec 21, 2021
Research Description: The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.
Affected versions: max 7.0.6.2.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2376

CVE, Research URL: CVE-2022-2376
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Sep 05, 2022
Research Description: The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users
Affected versions: max 7.3.1.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-3961

CVE, Research URL: CVE-2022-3961
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Dec 19, 2022
Research Description: The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
Affected versions: max 7.4.4.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-41798

CVE, Research URL: CVE-2023-41798
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Nov 07, 2023
Research Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1.
Affected versions: max 7.7.2.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-1322

CVE, Research URL: CVE-2024-1322
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Feb 29, 2024
Research Description: The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.
Affected versions: max 7.8.5.
Status: vulnerable

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-33929

CVE, Research URL: CVE-2024-33929
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: May 03, 2024
Research Description: Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.
Affected versions: max 7.9.0.
Status: vulnerable

Jan 10, 2025

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-35052

CVE, Research URL: CVE-2023-35052
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4.
Affected versions: max 7.5.5.
Status: vulnerable

Feb 03, 2025

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-12041

CVE, Research URL: CVE-2024-12041
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Feb 01, 2025
Research Description: The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.
Affected versions: max 8.1.
Status: vulnerable

Feb 28, 2025

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-1570

CVE, Research URL: CVE-2025-1570
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Feb 28, 2025
Research Description: The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.
Affected versions: max 8.2.
Status: vulnerable

Mar 26, 2025

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-2224

CVE, Research URL: CVE-2025-2224
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Mar 25, 2025
Research Description: The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible for unauthenticated attackers to update the post_status of any post to 'publish'.
Affected versions: max 8.3.
Status: vulnerable

Nov 11, 2025

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-10488

CVE, Research URL: CVE-2025-10488
Home page URL: Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Application: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Date: Oct 25, 2025
Research Description: The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action AJAX action in all versions up to, and including, 8.4.8. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
Affected versions: max 8.4.9.
Status: vulnerable

Vulnerabilities and security researches fordirectorist directorist

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2046

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2377

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-3930

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-1888

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-1889

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-2252

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2021-24981

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2376

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-3961

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-41798

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-1322

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-33929

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-35052

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-12041

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-1570

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-2224

Directorist &#8211; WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-10488

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2046

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2377

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-3930

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-1888

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-1889

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-2252

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2021-24981

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-2376

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2022-3961

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-41798

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-1322

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-33929

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2023-35052

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2024-12041

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-1570

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-2224

Directorist – WordPress Business Directory Plugin with Classified Ads Listings # CVE-2025-10488