CVE-2024-1322

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-1322
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1322.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1322
Published
2024-02-29T01:43:47.613Z
Modified
2026-04-10T05:07:21.824998Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.

References

Affected packages

Git / github.com/sovware/directorist

Affected ranges

Type
GIT
Repo
https://github.com/sovware/directorist
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e28defba56fbe47b339f37b6537f9473b2f8af68
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.8.5"
        }
    ]
}

Affected versions

released-v7.*
released-v7.0.4
v7.*
v7.0
v7.0.3.2
v7.0.3.3
v7.0.4.1
v7.0.5
v7.0.5.1
v7.0.5.2
v7.0.5.3
v7.0.5.4
v7.0.5.6
v7.0.6
v7.0.6.1
v7.0.6.2
v7.0.6.3
v7.0.7
v7.0.8
v7.1.0
v7.1.1
v7.1.2
v7.2.0
v7.2.1
v7.2.2
v7.3.0
v7.3.1
v7.3.1.2
v7.3.2
v7.3.3
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.5
v7.4.6
v7.5.1
v7.5.3
v7.6.0
v7.7.0
v7.7.1
v7.7.2
v7.8.0
v7.8.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1322.json"