CVE-2022-3961 — Missing Authorization in Directorist

CWE-862 — Missing Authorization CWE-821 — Incorrect Synchronization6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpwax Directorist

Timeline

PublishedDec 19

Latest updateDec 24

Description

The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDwpwax/directorist< 7.4.4

🔴Vulnerability Details

OSV

io_uring/rw: defer fsnotify calls to task context↗2025-12-24

▶

GHSA

GHSA-qjm4-4vhg-hjjv: The Directorist WordPress plugin before 7↗2022-12-19

▶

CVEList

Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure↗2022-12-19

▶