WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability
CVE-2024-43981
8.8HIGH
Summary
A security vulnerability has been identified in AyeCode's WP Business Directory Plugin, GeoDirectory, which allows unauthorized access due to improperly configured access control security levels. This defect enables attackers to exploit the system and gain elevated privileges, compromising the integrity of user data. The issue affects all versions up to 2.3.70, making it imperative for users to review their configurations and apply necessary security measures to mitigate potential risks.
Affected Version(s)
GeoDirectory <= 2.3.70
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)