CVE-2022-3930

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password  of arbitrary users instead of his own.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
wpwaxdirectorist
𝑥
< 7.4.2.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413
https://wpscan.com/vulnerability/8728d02a-51db-4447-a843-0264b6ceb413