CVE-2026-39509Missing Authorization in Directorist

CWE-862Missing Authorization3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 89.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wpwax Directorist
Timeline
PublishedApr 8

Description

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5wpwax/directorist8.5.10

🔴Vulnerability Details

2
GHSA
GHSA-rjr9-fgqp-jmc9: Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels2026-04-08
CVEList
WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability2026-04-08
CVE-2026-39509 — Missing Authorization in Directorist | cvebase