CVE-2024-1322

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300	Product
https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300	Product
https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail=	Patch
https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail=	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*

History

27 Feb 2025, 22:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:wpwax:directorist::::::wordpress::*
First Time		Wpwax directorist Wpwax
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve - Third Party Advisory
References	~~() https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail= -~~	() https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail= - Patch
References	~~() https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300 -~~	() https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300 - Product

29 Feb 2024, 01:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-29 01:43

Updated : 2025-02-27 22:03

NVD link : CVE-2024-1322

Mitre link : CVE-2024-1322

JSON object : View

Products Affected

wpwax

directorist

CWE

No CWE.

JSON object

Attach tags to CVE-2024-1322

Attach tags to `CVE-2024-1322`