CVE-2025-1570Weak Password Recovery Mechanism for Forgotten Password in Directorist

CWE-640Weak Password Recovery Mechanism for Forgotten Password4 documents4 sources
Severity
9.8CRITICALNVD
CNA8.1
EPSS
0.3%
top 50.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wpwax Directorist
Timeline
PublishedFeb 28
Latest updateSep 23

Description

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP2025-02-28
GHSA
GHSA-cq63-2g3g-qjf5: The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via acco2025-02-28

📋Vendor Advisories

1
Red Hat
kernel: macsec: sync features on RTM_NEWLINK2025-09-23
CVE-2025-1570 — Wpwax Directorist vulnerability | cvebase