CVE-2023-37967

Name of the Vulnerable Software and Affected Versions DirectoryPress versions 3.6.2 and earlier

Description The issue is related to a missing authorization vulnerability in Designinvento DirectoryPress, which allows exploiting incorrectly configured access control security levels. This problem can be exploited to gain unauthorized access.

Recommendations Update to the latest version to secure your site. As a temporary workaround, consider restricting access to sensitive areas of the DirectoryPress plugin until a patch is available.