The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.
Published 2024-02-29 01:43:48
Updated 2024-02-29 13:49:29
Source Wordfence
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2024-1322

We don't have an EPSS score for this CVE yet EPSS FAQ

CVSS scores for CVE-2024-1322

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
5.3
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.9
1.4
Wordfence

References for CVE-2024-1322

Products affected by CVE-2024-1322

The following product & version information is provided by CVEdetails.com. We provide product & version information for most CVEs even if they are not available from NVD.
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!