Directorist
wpWax
Developer
8.5.10
Latest version
20,000
Installations
No date
Last updated
Vulnerability history
2 present
17 fixed
10 Mitigation rules
- Broken Access Control vulnerability<= 8.5.10Jan 27, 2026
- Open Redirection vulnerability<= 8.5.10Dec 15, 2025
- Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability<= 8.5.2Nov 18, 2025
- Authenticated (Subscriber+) Arbitrary File Move vulnerability<= 8.4.8Oct 25, 2025
- Missing Authorization to Unauthenticated Arbitrary Post Publishing vulnerability<= 8.2Mar 24, 2025
- Privilege Escalation and Account Takeover via Weak OTP vulnerability<= 8.1Feb 27, 2025
- Unauthenticated User Information Exposure vulnerability<= 8.0.12Jan 31, 2025
- Broken Access Control vulnerability<= 7.8.6Apr 29, 2024
- Missing Authorization to Unauthenticated Settings Change vulnerability<= 7.8.4Feb 13, 2024
- CSV Injection<= 7.7.1Sep 5, 2023
- Broken Access Control<= 7.7.1Sep 4, 2023
- Arbitrary Content Deletion vulnerability<= 7.5.4Jun 13, 2023
- Authenticated Privilege Escalation Vulnerability<= 7.5.4Jun 7, 2023
- Authenticated Arbitrary Post Deletion Vulnerability<= 7.5.4Jun 7, 2023
- Auth. Insecure Direct Object References (IDOR) vulnerability<= 7.4.2.1Nov 21, 2022
- Unauthenticated Email Address Disclosure vulnerability<= 7.3.0Aug 10, 2022
- Authenticated Arbitrary E-mail Sending vulnerability<= 7.2.3Jul 26, 2022
- Authenticated Arbitrary File Upload vulnerability<= 7.2.2Jul 18, 2022
- Cross-Site Request Forgery (CSRF) vulnerability leading to Remote File Upload<= 7.0.6.1Nov 18, 2021