Update the WordPress Directorist plugin to the latest available version (at least 22.214.171.124).
cydave discovered and reported this Insecure Direct Object References (IDOR) vulnerability in WordPress Directorist Plugin. An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization, authentication, access sensitive files/folders or interact with the database. This vulnerability has been fixed in version 126.96.36.199.
Unauthenticated Email Address Disclosure vulnerability
Authenticated Arbitrary Email Sending vulnerability
Authenticated Arbitrary File Upload vulnerability
CrossSite Request Forgery (CSRF) vulnerability leading to Remote File Upload