IDOR Vulnerability in Directorist WordPress Plugin Allows Password Manipulation

IDOR Vulnerability in Directorist WordPress Plugin Allows Password Manipulation

CVE-2022-3930 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

Learn more about our Wordpress Pen Testing.