CVE-2024-12041

MEDIUM

Directorist: AI-Powered WordPress Business Directory Plugin - Info ...

Title source: llm
STIX 2.1

Description

The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.

References (3)

Scores

CVSS v3 5.3
EPSS 0.0030
EPSS Percentile 53.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-359
Status published
Products (2)
wpwax/directorist < 8.1
wpwax/Directorist: AI-Powered Business Directory, Listings & Classified Ads < 8.0.12
Published Feb 01, 2025
Tracked Since Feb 18, 2026