High severity · 8.8 · NVD Advisory · Published Jun 9, 2023 · Updated Apr 8, 2026
CVE-2023-1888
Description
The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.
References (3)
- www.wordfence.com/threat-intel/vulnerabilities/id/01943559-e05b-4dca-b322-d880b2729ee7 (nvd, Third Party Advisory)
- plugins.trac.wordpress.org/changeset/2920100/directorist (nvd, Issue Tracking)
- www.wordfence.com/blog/2023/06/critical-security-update-directorist-wordpress-plugin-patches-two-high-risk-vulnerabilities/ (nvd)