CVE-2025-2224 - CERT CVE
ID CVE-2025-2224
Sažetak The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible for unauthenticated attackers to update the post_status of any post to 'publish'.
Reference
CVSS
Base: 5.3
Impact: 1.4
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Zadnje važnije ažuriranje 27-03-2025 - 16:45
Objavljeno 25-03-2025 - 06:15