Every CVE whose affected-product data names Wpwax Directorist, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-1888 — CVSS 8.8 (high): The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due…
CVE-2025-1570 — CVSS 8.1 (high): The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege…
CVE-2021-24981 — CVSS 7.5 (high): The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP…
CVE-2022-3930 — CVSS 6.5 (medium): The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of…
CVE-2022-3961 — CVSS 6.5 (medium): The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system…
CVE-2023-1889 — CVSS 6.5 (medium): The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is…
CVE-2024-12041 — CVSS 5.3 (medium): The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to…
CVE-2022-2376 — CVSS 5.3 (medium): The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated…
CVE-2024-1322 — CVSS 5.3 (medium): The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized…
CVE-2023-41798 — CVSS 5.1 (medium): Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with…
CVE-2022-2046 — CVSS 4.9 (medium): The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site…
CVE-2022-2377 — CVSS 4.3 (medium): The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated…
CVE-2023-2252 — CVSS 2.7 (low): The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when…