PT-2024-11967 · WordPress · Directorist Wordpress Plugin

Published: 2024-01-16 · Updated: 2025-06-02 · CVE-2023-2252

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Directorist WordPress plugin versions prior to 7.5.4

Description: The issue is a Local File Inclusion: the plugin does not validate the file parameter when importing CSV files. This allows for potential exploitation. There is no information about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.

Recommendations: For Directorist WordPress plugin versions prior to 7.5.4, update to version 7.5.4 or later to resolve the issue. As a temporary workaround, consider restricting the import of CSV files until the update is applied. Avoid using the file parameter in the affected import functionality to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2023-2252

Affected Products: Directorist Wordpress Plugin