on the site’s backend. This email address is displayed even if a user is not signed up for email updates. Such information can be used by hackers to target vulnerable users. The Directorist WordPress plugin before 7.3.1 has XSS via the AJAX action available to both unauthenticated and any authenticated users. Due to this vulnerability, hackers could inject script code into the site. This script code could then be used to steal personal data, conduct form spamming, or to infect users’ computers with malware. Due to the XSS vulnerability, hackers could also use the site to steal passwords.

Coordinated Vulnerability Disclosure Timeline

Information about a vulnerability is shared with the developer of the affected software or website. The developer will then decide whether to release an update and when it will be available. If the necessary updates are not released, the researcher notifies the public about their findings.
Since this vulnerability was discovered, WordPress has released version 7.3.2 which includes improvements to handling malicious user-provided data via AJAX requests.

How do hackers steal passwords using Directorist WordPress plugin?

Hackers could steal passwords from Directorist WordPress plugin users by injecting a script into the site. The injected script could have been used to steal personal data, conduct form spamming, or to infect computers with malware. Due to the XSS vulnerability, hackers could also use this site to steal passwords.

Timeline

Published on: 09/05/2022 13:15:00 UTC
Last modified on: 09/08/2022 03:48:00 UTC

References