CVE-2022-3930

EUVD-2022-43264
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password  of arbitrary users instead of his own.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
wpwaxdirectorist
𝑥
< 7.4.2.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413
https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413