Access Control Flaw in Directory Pro Plugin by e-plugins
CVE-2025-64243

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Directory Pro
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-64243?

A missing authorization vulnerability has been identified in the Directory Pro plugin by e-plugins, which allows attackers to exploit incorrectly configured access control security levels. This vulnerability affects versions of Directory Pro up to 2.5.6, enabling unauthorized access to various functionalities and sensitive data within the directory management system. Website owners using this plugin should promptly assess their configurations and apply necessary security measures to safeguard their applications.

Affected Version(s)

Directory Pro <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/dire...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program

JSON