CVE-2024-1322

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-1322 is a vulnerability affecting the Directorist plugin for WordPress with Classified Ads Listings. The issue lies in the 'setup_wizard' function, where a missing capability check allows unauthenticated attackers to modify default pages, enable or disable monetization, and change map providers in all versions up to 7.8.4. This weakness poses a significant risk, as it allows unauthorized individuals to manipulate crucial settings and potentially gain financial benefits.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ub9jKL
https://www.cve.org/CVERecord?id=CVE-2024-1322
https://nvd.nist.gov/vuln/detail/CVE-2024-1322

Back to Vulnerability Database

CVE-2024-1322

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations