What the vulnerability does
01Description
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
What the vulnerability does
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.
Explanation of Vulnerability in Simple Terms
Directorist versions up to 8.6.6 lack proper authorization checks, allowing authenticated users to modify or delete data they should not have access to. An attacker with a low-privilege account can change listings, settings, or other resources belonging to other users or the site itself. The vulnerability affects integrity and availability of site content. Update to version 8.8.1 or later.
What an attacker can do
Modify or delete listings and site data belonging to other users without proper permission.
Potential impact on your site
Unauthorized users can alter or remove directory listings and potentially critical site configuration.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities