CVE-2022-2377

Summary

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog

Affected Software

VendorProductVersion RangeStatus
UnknownDirectorist – WordPress Business Directory Plugin with Classified Ads Listings7.3.0 < 7.3.0affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References