Refine your search
2 vulnerabilities found for WP Directorybox Manager by Chimpstudio
CVE-2024-13182 (GCVE-0-2024-13182)
Vulnerability from cvelistv5
Published
2025-02-13 12:41
Modified
2026-04-08 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Chimpstudio | WP Directorybox Manager |
Version: 0 ≤ 2.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:24:28.697984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:24:43.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Directorybox Manager",
"vendor": "Chimpstudio",
"versions": [
{
"lessThanOrEqual": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Friderika Baranyai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the \u0027wp_dp_parse_request\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:31:02.192Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea9e5e5d-a7fc-4159-a2ae-610bee76f818?source=cve"
},
{
"url": "http://localhost:1337/wp-content/plugins/wp-directorybox-manager/elements/login/cs-social-login/cs-social-login.php#L43"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Directorybox Manager \u003c= 2.5 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13182",
"datePublished": "2025-02-13T12:41:51.470Z",
"dateReserved": "2025-01-07T19:58:37.222Z",
"dateUpdated": "2026-04-08T17:31:02.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0316 (GCVE-0-2025-0316)
Vulnerability from cvelistv5
Published
2025-02-08 21:20
Modified
2026-04-08 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Chimpstudio | WP Directorybox Manager |
Version: 0 ≤ 2.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T13:36:47.008823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:41.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Directorybox Manager",
"vendor": "Chimpstudio",
"versions": [
{
"lessThanOrEqual": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the \u0027wp_dp_enquiry_agent_contact_form_submit_callback\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:48:05.213Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve"
},
{
"url": "https://themeforest.net/item/directory-multipurpose-wordpress-theme/10480929"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-01-07T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-02-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP Directorybox Manager \u003c= 2.5 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-0316",
"datePublished": "2025-02-08T21:20:58.901Z",
"dateReserved": "2025-01-07T18:43:54.464Z",
"dateUpdated": "2026-04-08T16:48:05.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}