Home > Vulnerability Database > CVE-2023-1889

Mend.io Vulnerability Database

CVE-2023-1889

Date: June 9, 2023

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.

Language: PHP

Severity Score

6.5

Related Resources (4)

Url: https://plugins.trac.wordpress.org/changeset/2920100/directorist

Url: https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1889

Url: https://www.mend.io/vulnerability-database/CVE-2023-1889

Severity Score

6.5

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1889

Date: June 9, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?