CVE-2022-3930

Summary

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

Affected Software

VendorProductVersion RangeStatus
UnknownDirectorist0 < 7.4.2.2affected

Weaknesses

  • CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References