CVE-2023-1889

Source
https://cve.org/CVERecord?id=CVE-2023-1889
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1889.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1889
Published
2023-06-09T06:15:58.690Z
Modified
2026-04-10T04:54:33.558615Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.

References

Affected packages

Git / github.com/sovware/directorist

Affected ranges

Type
GIT
Repo
https://github.com/sovware/directorist
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.5.4"
        }
    ]
}

Affected versions

released-v7.*
released-v7.0.4
v7.*
v7.0
v7.0.3.2
v7.0.3.3
v7.0.4.1
v7.0.5
v7.0.5.1
v7.0.5.2
v7.0.5.3
v7.0.5.4
v7.0.5.6
v7.0.6
v7.0.6.1
v7.0.6.2
v7.0.6.3
v7.0.7
v7.0.8
v7.1.0
v7.1.1
v7.1.2
v7.2.0
v7.2.1
v7.2.2
v7.3.0
v7.3.1
v7.3.1.2
v7.3.2
v7.3.3
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.5
v7.4.6
v7.5.1
v7.5.3
v7.5.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1889.json"