CVE-2023-1888

Name of the Vulnerable Software and Affected Versions Directorist plugin for WordPress versions up to and including 7.5.4

Description The issue is caused by a lack of validation checks within the login.php file, allowing authenticated attackers with subscriber-level permissions and above to reset the password of an arbitrary user and gain elevated privileges.

Recommendations For Directorist plugin for WordPress versions up to and including 7.5.4, update to a version that includes the necessary validation checks to prevent arbitrary user password resets. As a temporary workaround, consider restricting subscriber-level permissions to minimize the risk of exploitation.