PT-2025-1733 · WordPress · The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings
Khayal Farzaliyev +1 · Published 2025-02-01 · Updated 2025-03-02 · CVE-2024-12041
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 8.0.12
Description
The issue allows unauthenticated attackers to extract sensitive data about users, including usernames, email addresses, names, and other user information, via the "/wp-json/directorist/v1/users/" endpoint.
Recommendations
If you run version 8.0.12 or earlier, update to a version higher than 8.0.12 to resolve the issue.
As a temporary workaround, consider restricting access to the "/wp-json/directorist/v1/users/" endpoint until a patch is available.
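One way to apply that workaround inside WordPress itself, as an added example (not code from the advisory or from the Directorist project): a must-use plugin that refuses the users route unless the caller holds a capability. The file name, the constant names and the choice of the `list_users` capability are assumptions; filtering on the parsed REST route also covers requests that reach the same route through the `?rest_route=` query form, which a web-server rule matching only the `/wp-json/` path would miss.

```php
<?php
/**
 * Plugin Name: Restrict Directorist users REST route (temporary workaround)
 * Assumed location: wp-content/mu-plugins/restrict-directorist-users.php
 * Added example; remove it once the plugin is updated past 8.0.12.
 */

defined( 'ABSPATH' ) || exit;

// Route from the advisory, without the /wp-json prefix or trailing slash.
const RDU_ROUTE_PREFIX = '/directorist/v1/users';

// Assumption: only accounts already allowed to list users may read this data.
const RDU_REQUIRED_CAP = 'list_users';

add_filter(
	'rest_request_before_callbacks',
	function ( $response, $handler, $request ) {
		// Keep an error raised earlier in the request untouched.
		if ( is_wp_error( $response ) ) {
			return $response;
		}

		// REST routes are matched case-insensitively, so normalise first.
		$route = strtolower( untrailingslashit( $request->get_route() ) );

		// Match the collection itself and anything below it (e.g. /users/<id>).
		$is_users_route = ( RDU_ROUTE_PREFIX === $route )
			|| 0 === strpos( $route, RDU_ROUTE_PREFIX . '/' );

		if ( ! $is_users_route || current_user_can( RDU_REQUIRED_CAP ) ) {
			return $response;
		}

		// 401 for anonymous callers, 403 for logged-in users without the capability.
		return new WP_Error(
			'rest_forbidden',
			'Access to this endpoint is restricted.',
			array( 'status' => rest_authorization_required_code() )
		);
	},
	10,
	3
);
```

After deploying it, an anonymous request to the endpoint should return a 401 JSON error instead of user records; front-end features of the plugin that rely on this route for non-privileged users will stop working until the filter is removed.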
Fix
Weakness Enumeration
Related Identifiers
Affected Products
The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings