CVE-2025-68069 — Missing Authorization in Directorist

CWE-862 — Missing Authorization4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 90.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpwax Directorist

Timeline

PublishedFeb 20

Description

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

▶CVEListV5wpwax/directorist8.6.6

🔴Vulnerability Details

CVEList

WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability↗2026-02-20

▶

GHSA

GHSA-p3w5-jrj2-m9r6: Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels↗2026-02-20

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68069 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶