CVE-2022-3961
published 2022-12-19CVE-2022-3961: The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.70%
48.4th percentile
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 5.15.90 | 5.15.90 |
| linux | linux_kernel | >= 5.16.0 < 6.0.3 | 6.0.3 |
| wpwax | directorist | < 7.4.4 | 7.4.4 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_redhat5.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
io_uring/rw: defer fsnotify calls to task context
osv·2025-12-24
CVE-2022-50705 io_uring/rw: defer fsnotify calls to task context
io_uring/rw: defer fsnotify calls to task context
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: defer fsnotify calls to task context
We can't call these off the kiocb completion as that might be off
soft/hard irq context. Defer the calls to when we process the
task_work for this request. That avoids valid complaints like:
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_usage_bug kernel/locking/lockdep.c:3961 [inline]
valid_state kernel/locking/lockdep.c:3973 [inline]
mark_lock_irq kernel/locking/lockdep.
GHSA
GHSA-qjm4-4vhg-hjjv: The Directorist WordPress plugin before 7
ghsa_unreviewed·2022-12-19
CVE-2022-3961 [MEDIUM] CWE-862 GHSA-qjm4-4vhg-hjjv: The Directorist WordPress plugin before 7
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-19
Published