CVE-2025-1570

CVSS 8.1 (HIGH)

📋 TL;DR

The Directorist WordPress plugin lets unauthenticated attackers brute-force the one-time PIN used by its password-reset flow and then set a new password for any user, including administrators. All WordPress sites running Directorist versions up to and including 8.1 are affected. Successful exploitation yields full account takeover and, for administrator accounts, complete site compromise.

💻 Affected Systems

Products:
  • Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Versions: All versions up to and including 8.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

Directorist is a WordPress plugin for building business directory and classified-ads listing sites, including user registration, listing submission and the account management features (such as password reset) that this vulnerability concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site compromise via administrator account takeover, leading to data theft, defacement, or malware installation.

🟠 Likely Case: Unauthorized password resets for regular users, with escalation to administrator wherever an administrator account is reachable through the same reset flow.

🟢 If Mitigated: Limited impact where the patch is applied or, failing that, where rate limiting on the reset endpoint, strong passwords and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires guessing the numeric reset PIN, but no credentials or user interaction are needed and the request is a plain call to the plugin's AJAX endpoint, so a single attacker can enumerate the PIN space with an ordinary HTTP client unless something outside the plugin limits the attempts.
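
The following Python model, added here as an illustration and not taken from the Directorist code base, shows why an unbounded verification loop is the whole problem: a six-digit PIN that can be guessed any number of times falls in at most one million requests, while the same PIN capped at five attempts gives an attacker a five-in-a-million chance. The PIN length, the attempt cap, the expiry and the class names are assumptions chosen for the example; the advisory does not state the plugin's actual values.

```python
import secrets
import time

OTP_DIGITS = 6             # assumption: a 6-digit numeric reset PIN
MAX_ATTEMPTS = 5           # assumption: lock the PIN after five wrong guesses
OTP_TTL_SECONDS = 15 * 60  # assumption: PIN expires 15 minutes after issue


def generate_pin(digits=OTP_DIGITS):
    """Uniformly random, zero-padded PIN drawn from the OS CSPRNG."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


class UnlimitedOtpVerifier:
    """Illustrative vulnerable pattern: the PIN stays valid for any number of guesses."""

    def __init__(self, pin):
        self._pin = pin

    @property
    def locked(self):
        return False  # nothing ever invalidates the PIN

    def verify(self, guess):
        return guess == self._pin


class HardenedOtpVerifier:
    """Single-use PIN with an attempt cap, an expiry and a constant-time comparison."""

    def __init__(self, pin, clock=time.monotonic):
        self._pin = pin.encode()
        self._clock = clock
        self._issued = clock()
        self.attempts = 0
        self._done = False

    @property
    def locked(self):
        return self._done or self.attempts >= MAX_ATTEMPTS

    def verify(self, guess):
        # Expired or exhausted PINs are burned; the user must request a new one.
        if self.locked or self._clock() - self._issued > OTP_TTL_SECONDS:
            self._done = True
            return False
        self.attempts += 1
        ok = secrets.compare_digest(guess.encode(), self._pin)
        if ok:
            self._done = True  # a successful reset consumes the PIN
        return ok


def brute_force(verifier, digits=OTP_DIGITS):
    """Enumerate PINs in ascending order until the verifier accepts one or locks.

    Returns (cracked, guesses_made)."""
    guesses = 0
    for n in range(10 ** digits):
        if verifier.locked:
            break
        guesses += 1
        if verifier.verify(f"{n:0{digits}d}"):
            return True, guesses
    return False, guesses


if __name__ == "__main__":
    pin = generate_pin()
    print("unlimited:", brute_force(UnlimitedOtpVerifier(pin)))
    print("hardened: ", brute_force(HardenedOtpVerifier(pin)))
```

Note that the attempt counter must live server-side and be keyed to the reset request, not to the client's IP address: an attacker who can rotate source addresses defeats a per-IP throttle but not a per-PIN cap.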

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 8.2 or later

Fix Commit (WordPress.org plugin SVN changeset): https://plugins.trac.wordpress.org/changeset/3246340/directorist

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Directorist plugin.
4. Click 'Update Now' if available, or manually update to version 8.2 or later.
5. Verify that the update completes and the listed version is 8.2 or higher.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (WordPress)

Deactivate the Directorist plugin until it can be patched. The vulnerable AJAX handlers are only registered while the plugin is active, so this closes the attack surface, at the cost of taking the directory and listing pages offline.

wp plugin deactivate directorist

🧯 If You Can't Patch

  • Add web application firewall (WAF) rules that throttle or block repeated requests to /wp-admin/admin-ajax.php carrying the Directorist password-reset actions from a single source.
  • Enable rate limiting on password-reset endpoints using a security plugin such as Wordfence. Per-IP limits slow a single attacker but not one rotating source addresses, so also alert on reset activity against administrator accounts.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Directorist version. If version is 8.1 or lower, it's vulnerable.

Check Version:

wp plugin get directorist --field=version

Verify Fix Applied:

After updating, confirm Directorist plugin version is 8.2 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators (WordPress core does not record these by default; an audit-log or security plugin is needed to see them):

  • Multiple failed password-reset or PIN-verification attempts against one account, or from one IP, in a short window
  • Successful password resets for administrator accounts that the administrator did not initiate

Network Indicators:

  • High volume of POST requests to /wp-admin/admin-ajax.php with action=directorist_generate_password_reset_pin_code or similar from one source. Standard access logs do not record POST bodies, so the action name is only visible in WAF or proxy logs that capture request bodies; in plain access logs, alert on the request rate to admin-ajax.php instead.

SIEM Query:

Splunk-style example; adjust the field names to your log source:

source="wordpress.log" uri_path="/wp-admin/admin-ajax.php" method=POST | stats count BY src_ip | where count > 50
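
The detector below is an added example, not part of the original page or of any vendor tooling. It applies the network indicator above and the WAF workaround from the mitigation section to constructed access-log lines in combined format: it counts, per source IP, requests to admin-ajax.php that could carry the reset PIN (any POST, plus GETs whose query string names a Directorist action), flags sources that exceed a threshold within a sliding window, and emits nginx deny rules for them. The sample log lines, the threshold, the window and the `action=directorist_` prefix used to spot plugin actions are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in combined log format (not from a real incident).
# 203.0.113.5 fires six requests at admin-ajax.php within five seconds; 198.51.100.7 is normal traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2025:14:01:58 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2025:14:02:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.5 - - [10/Mar/2025:14:02:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.5 - - [10/Mar/2025:14:02:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
198.51.100.7 - - [10/Mar/2025:14:02:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 412 "https://example.test/" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2025:14:02:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "python-requests/2.31"
203.0.113.5 - - [10/Mar/2025:14:02:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 87 "-" "python-requests/2.31"
203.0.113.5 - - [10/Mar/2025:14:02:06 +0000] "GET /wp-admin/admin-ajax.php?action=directorist_generate_password_reset_pin_code HTTP/1.1" 200 87 "-" "python-requests/2.31"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION_MARKER = "action=directorist_"  # assumption: the plugin's AJAX action names share this prefix


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


def is_candidate(rec):
    """True for requests that could be a reset-PIN attempt.

    POST bodies are not in access logs, so every POST to admin-ajax.php counts;
    a GET counts only when a Directorist action is visible in the query string."""
    path, _, query = rec["path"].partition("?")
    if path != AJAX_PATH:
        return False
    return rec["method"] == "POST" or ACTION_MARKER in query


def flag_burst_sources(lines, threshold=20, window_seconds=60):
    """Return {ip: peak_count} for sources whose candidate requests ever reach
    `threshold` within any `window_seconds` sliding window. Failed (4xx) attempts
    count too: they are exactly what a brute force produces."""
    recs = sorted((r for r in map(parse_line, lines) if r and is_candidate(r)),
                  key=lambda r: r["ts"])
    windows = defaultdict(deque)
    peaks = defaultdict(int)
    for r in recs:
        q = windows[r["ip"]]
        q.append(r["ts"])
        while r["ts"] - q[0] > window_seconds:
            q.popleft()
        peaks[r["ip"]] = max(peaks[r["ip"]], len(q))
    return {ip: n for ip, n in peaks.items() if n >= threshold}


def nginx_deny_rules(flagged):
    """Render flagged sources as nginx `deny` directives for a temporary block list."""
    return [f"deny {ip};" for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = flag_burst_sources(SAMPLE_LOG.splitlines(), threshold=5, window_seconds=60)
    print(hits)
    print("\n".join(nginx_deny_rules(hits)))
```

In production, feed it the real access log (or the WAF log, which does see the action name in POST bodies) and tune the threshold to the site's legitimate admin-ajax.php traffic, which on a busy WordPress site is not negligible; the 403 line in the sample shows why blocked attempts must still be counted rather than filtered out.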
