{"id":"CVE-2024-1322","details":"The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.","modified":"2026-04-10T05:07:21.824998Z","published":"2024-02-29T01:43:47.613Z","references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300"},{"type":"ADVISORY","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve"},{"type":"FIX","url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail="}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sovware/directorist","events":[{"introduced":"0"},{"fixed":"e28defba56fbe47b339f37b6537f9473b2f8af68"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.8.5"}]}}],"versions":["released-v7.0.4","v7.0","v7.0.3.2","v7.0.3.3","v7.0.4.1","v7.0.5","v7.0.5.1","v7.0.5.2","v7.0.5.3","v7.0.5.4","v7.0.5.6","v7.0.6","v7.0.6.1","v7.0.6.2","v7.0.6.3","v7.0.7","v7.0.8","v7.1.0","v7.1.1","v7.1.2","v7.2.0","v7.2.1","v7.2.2","v7.3.0","v7.3.1","v7.3.1.2","v7.3.2","v7.3.3","v7.4.0","v7.4.1","v7.4.2","v7.4.3","v7.4.5","v7.4.6","v7.5.1","v7.5.3","v7.6.0","v7.7.0","v7.7.1","v7.7.2","v7.8.0","v7.8.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1322.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}