CVE-2022-3930

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413	Exploit Third Party Advisory
https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:20

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413 - Exploit, Third Party Advisory

14 Dec 2022, 21:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-12 18:15

Updated : 2025-04-22 18:15

NVD link : CVE-2022-3930

Mitre link : CVE-2022-3930

CVE.ORG link : CVE-2022-3930

JSON object : View

Products Affected

wpwax

directorist

CWE

No CWE.

{"id": "CVE-2022-3930", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-12T18:15:12.103", "references": [{"url": "https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own."}, {"lang": "es", "value": "El complemento Directorist de WordPress anterior a 7.4.2.2 sufre una vulnerabilidad IDOR que un atacante puede aprovechar para cambiar la contrase\u00f1a de usuarios arbitrarios en lugar de la suya propia."}], "lastModified": "2025-04-22T18:15:57.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3D9DF99F-ED1B-45B2-A393-9B02F3722520", "versionEndExcluding": "7.4.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}

6.5 /10