IDOR Vulnerability in Directorist WordPress Plugin Allows Password Manipulation
CVE-2022-3930 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
Learn more about our Wordpress Pen Testing.