Broken Access Control Vulnerability in Directorist <= 8.5.10
Hi,
According to security scan results (Patchstack), the following vulnerability has been detected:
WordPress Directorist Plugin <= 8.5.10 is vulnerable to a medium priority Broken Access Control
Software: Directorist
Type: Plugin
Vulnerable versions: <= 8.5.10
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE ID: CVE-2025-68069
Patchstack priority: Medium
CVSS severity: 7.1
Required privilege: Subscriber
PSID: 8ae9c89823ab
Credits: daroo
Published: 27 Jan, 2026
Please confirm the following:
- Is this vulnerability confirmed in versions ≤ 8.5.10?
- In which plugin version has it been fixed?
- Is there an official changelog entry or security advisory describing the fix?
- Are any additional actions required after updating (cache clearing, re-saving settings, etc.)?
- Are there any temporary mitigation measures if an immediate update is not possible?