Directorist
Approved changes feed: RSS · Atom
cpe:2.3:a:wpwax:directorist:_ai-powered_business_directory_plugin_with_classified_ads_listings:*:*:*:*:*:*:*:*
part: a version: _ai-powered_business_directory_plugin_with_classified_ads_listings update: *
| Vendor | Wpwax (29e8d6fe-c9fa-59bf-8dd1-08817559bd7a) |
|---|---|
| Product | Directorist (51cdf9e8-a04e-5997-a723-7decdaba95fa) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-1570 |
vulnerable | 2026-06-03 14:59:05.817898 |
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
HIGH (8.1)
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.
Published: 2025-02-28T08:23:17.826Z
Updated: 2026-04-08T17:04:33.411Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.