← back
CVE-2022-3930

Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR

CVSS 6.5 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
Unknown · Directorist