CVE-2022-3930
Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Productos afectados
Unknown · Directorist¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →