CVE-2024-12041

5.3 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to access sensitive user information through the Directorist WordPress plugin's REST API endpoint. All WordPress sites using Directorist plugin versions up to 8.0.12 are affected, exposing usernames, email addresses, and other user data.

💻 Affected Systems

Products:
  • Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings
Versions: All versions up to and including 8.0.12
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable Directorist plugin versions enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers harvest all user data for phishing campaigns, credential stuffing attacks, or targeted social engineering against administrators and users.

🟠 Likely Case: Automated bots scrape user information for spam lists, credential stuffing databases, or reconnaissance for further attacks.

🟢 If Mitigated: With proper access controls, only authorized users can access user data, preventing information exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP GET requests to the vulnerable endpoint can extract data without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Directorist plugin.
4. Click 'Update Now' if available, or download version 8.1+ from WordPress repository.
5. Replace plugin files with patched version.

🔧 Temporary Workarounds

Block REST API Endpoint

linux

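Add an .htaccess rule, placed above the WordPress rewrite block so it is evaluated first, to deny access to the vulnerable endpoint

# Deny the Directorist users endpoint, with or without a trailing slash
RewriteEngine On
RewriteRule ^wp-json/directorist/v1/users(/|$) - [F,L]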

Disable Plugin

all

Temporarily disable Directorist plugin until patched

wp plugin deactivate directorist

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests to the /wp-json/directorist/v1/users/ endpoint
  • Restrict access to the WordPress REST API using authentication or IP whitelisting

🔍 How to Verify

Check if Vulnerable:

Send a GET request to https://yoursite.com/wp-json/directorist/v1/users/ without authentication. If it returns user data, you're vulnerable.

Check Version:

wp plugin get directorist --field=version

Verify Fix Applied:

After updating, the same unauthenticated GET request should return a 401/403 error or no user data.

📡 Detection & Monitoring

Log Indicators:

  • Multiple 200 OK responses to /wp-json/directorist/v1/users/ from unauthenticated IPs
  • Unusual GET requests to Directorist REST endpoints

Network Indicators:

  • Unusual traffic patterns to /wp-json/directorist/v1/users/ endpoint
  • Bursts of requests from single IPs to user data endpoints

SIEM Query:

source="web_logs" AND uri="/wp-json/directorist/v1/users/" AND response_code=200 AND NOT auth_status="authenticated"
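
The log indicators above can be checked directly against a web server access log. The following is an added example, not part of the original advisory or the plugin's code: it assumes the Apache/Nginx "combined" log format, and the threshold, window and sample lines are constructed for illustration. Because that log format does not record WordPress login state, every 200 response on the endpoint is counted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoint from the advisory, with or without trailing slash, sub-path or query.
ENDPOINT = re.compile(r"^/wp-json/directorist/v1/users(?:[/?]|$)")
# Assumption: Apache/Nginx "combined" access log format.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:08:00:01 +0000] "GET /wp-json/directorist/v1/users/ HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2025:08:00:03 +0000] "GET /wp-json/directorist/v1/users/?page=2 HTTP/1.1" 200 4980 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2025:08:00:05 +0000] "GET /wp-json/directorist/v1/users/17 HTTP/1.1" 200 640 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Jan/2025:08:01:00 +0000] "GET /wp-json/directorist/v1/users/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.21 - - [10/Jan/2025:08:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Jan/2025:08:00:00 +0000] "GET /wp-json/directorist/v1/users/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Jan/2025:09:30:00 +0000] "GET /wp-json/directorist/v1/users/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def find_scrapers(lines, threshold=3, window=timedelta(seconds=60)):
    """Map IP -> total 200-OK GETs to the endpoint, for IPs that made at
    least `threshold` such requests within one sliding `window`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # unparsable line, other method, or denied (401/403)
        if ENDPOINT.match(m["uri"]):
            hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, stamps in hits.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop hits that fell out of the window
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    for ip, n in find_scrapers(SAMPLE_LOG).items():
        print(f"{ip}: {n} successful requests to the users endpoint")
```

On a patched site, any 200 response with a non-trivial body on this path from a client without a session is worth reviewing even below the burst threshold.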
