CVE-2024-1322

Name of the Vulnerable Software and Affected Versions The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 7.8.4

Description The issue allows unauthorized modification of data due to a missing capability check on the setup wizard function. This makes it possible for unauthenticated attackers to recreate default pages, enable or disable monetization, and change the map provider.

Recommendations For versions up to, and including, 7.8.4, update to a version later than 7.8.4 to resolve the issue. As a temporary workaround, consider disabling the setup wizard function until a patch is available.