Vulnerabilities > Wpwax > Directorist > 7.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-28 | CVE-2025-1570 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wpwax Directorist The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. | 9.8 |
| 2025-02-01 | CVE-2024-12041 | Unspecified vulnerability in Wpwax Directorist The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. | 5.3 |
| 2024-01-16 | CVE-2023-2252 | Path Traversal vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | 2.7 |
| 2023-11-07 | CVE-2023-41798 | Unspecified vulnerability in Wpwax Directorist Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | 8.8 |
| 2023-06-09 | CVE-2023-1888 | Improper Input Validation vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. | 8.8 |
| 2023-06-09 | CVE-2023-1889 | Unspecified vulnerability in Wpwax Directorist The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. | 6.5 |