CVE-2023-2280
published 2023-06-09CVE-2023-2280: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the…
PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.60%
44.3th percentile
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos_os | — | — |
| wpdirectorykit | wp_directory_kit | < 1.2.3 | 1.2.3 |
| wpdirectorykit | wp_directory_kit | <= 1.2.2 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
WP Directory Kit Plugin up to 1.2.2 on WordPress Setting wdk_public_action authorization
vuldb·2026-04-10·CVSS 6.5
CVE-2023-2280 [MEDIUM] WP Directory Kit Plugin up to 1.2.2 on WordPress Setting wdk_public_action authorization
A vulnerability was found in WP Directory Kit Plugin up to 1.2.2 on WordPress. It has been declared as critical. Affected is the function wdk_public_action of the component Setting Handler. Such manipulation leads to missing authorization.
This vulnerability is documented as CVE-2023-2280. The attack can be executed remotely. There is not any exploit available.
GHSA
GHSA-82jf-v4r3-p624: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the
ghsa_unreviewed·2023-06-09
CVE-2023-2280 [MEDIUM] CWE-862 GHSA-82jf-v4r3-p624: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.
Juniper
CVE-2023-22395: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent atta
vendor_juniper·2023-01-13·CVSS 6.5
CVE-2023-22395 [MEDIUM] CWE-401 CVE-2023-22395: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent atta
CVE-2023-22395: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Netw
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249https://plugins.trac.wordpress.org/changeset/2907164/https://www.wordfence.com/threat-intel/vulnerabilities/id/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cvehttps://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/public/class-wpdirectorykit-public.php#L249https://plugins.trac.wordpress.org/changeset/2907164/https://www.wordfence.com/threat-intel/vulnerabilities/id/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cve
2023-06-09
Published