Vulnerabilities > Wpwax > Directorist > 7.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-2252 | Path Traversal vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | 2.7 |
2023-11-07 | CVE-2023-41798 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpwax Directorist Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | 8.8 |
2023-06-09 | CVE-2023-1888 | Improper Input Validation vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. | 8.8 |
2023-06-09 | CVE-2023-1889 | Unspecified vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. | 6.5 |
2022-12-19 | CVE-2022-3961 | Missing Authorization vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information. | 6.5 |