Description
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.
Published: 2026-04-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A flaw in the Directorist Social Login plugin for WordPress permits an attacker to incorrectly assign privileges, allowing them to elevate their permissions beyond the intended scope. The vulnerability is rooted in improper privilege management and could be exploited to gain administrative rights on the affected site. The weakness is classified as CWE-266.

Affected Systems

The Directorist Social Login plugin for WordPress, versions older than 2.1.4, is affected. Any WordPress installation that has a pre‑2.1.4 version of the plugin enabled is at risk.

Risk and Exploitability

The CVSS score is 9.8, indicating a critical severity. The EPSS score is less than 1 %, suggesting a very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is via the web interface of a WordPress site that has the vulnerable plugin installed, where an adversary could exploit the privilege escalation to gain higher access. While the concrete exploitation steps are not detailed in the description, the nature of privilege escalation implies that once the plugin is compromised, an attacker could execute privileged actions that threaten confidentiality, integrity, and availability of site data.

Generated by OpenCVE AI on April 28, 2026 at 13:05 UTC.

Remediation

Vendor Solution

Update the WordPress Directorist Social Login plugin to the latest available version (at least 2.1.4).

OpenCVE Recommended Actions

  • Update the Directorist Social Login plugin to version 2.1.4 or later.
  • If an immediate update is not possible, disable the plugin until the fix is applied.
  • Monitor site logs for attempts to exploit privilege assignments and restrict administrative access to trusted users.

Generated by OpenCVE AI on April 28, 2026 at 13:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Directorist
Directorist directorist Social Login
Wordpress
Wordpress wordpress
Vendors & Products Directorist
Directorist directorist Social Login
Wordpress
Wordpress wordpress

Mon, 27 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 10:45:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.
Title WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Directorist Directorist Social Login
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:41.031Z

Reserved: 2026-01-07T12:21:11.735Z

Link: CVE-2026-22337

cve-icon Vulnrichment

Updated: 2026-04-27T10:59:09.427Z

cve-icon NVD

Status : Deferred

Published: 2026-04-27T11:16:01.513

Modified: 2026-04-27T18:37:59.213

Link: CVE-2026-22337

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:15:31Z

Weaknesses