Cyber Posture

CVE-2025-1570

High

Published: 28 February 2025
Modified: 06 March 2025
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.1st percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Security Summary

CVE-2025-1570 is a privilege escalation vulnerability via account takeover affecting the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress in all versions up to and including 8.1. The flaw arises from inadequate controls in the directorist_generate_password_reset_pin_code() and reset_user_password() functions, which neither limit brute force attempts against the one-time password (OTP) nor verify that a password reset request originates from the user who owns the account. This CWE-640 issue carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity because of its potential confidentiality, integrity, and availability impacts.

Unauthenticated attackers can exploit this vulnerability remotely over the network, though it requires high attack complexity. By generating OTPs and brute-forcing them, attackers can reset passwords for any user account, including administrators, achieving full account takeover and subsequent control over the WordPress site.
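The two missing controls named above (no attempt limit on the OTP, and no binding of the reset to the account that requested it) are the whole of this weakness, so it is worth seeing what a reset flow looks like with them in place. The following Python service is an added illustration written for this page; it is not the Directorist plugin's code, and the class, method names and limits (MAX_ATTEMPTS, PIN_TTL_SECONDS) are assumptions chosen for the example. The PIN is generated from a CSPRNG, stored only as a salted hash bound to one user id, expires, is single-use, is compared in constant time, and the request is destroyed after a small number of wrong guesses, so an unauthenticated party cannot iterate the six-digit space.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Policy knobs (assumed values for this example, not the plugin's).
MAX_ATTEMPTS = 5          # wrong guesses before the reset request is destroyed
PIN_TTL_SECONDS = 600     # a PIN is valid for ten minutes
PIN_DIGITS = 6


@dataclass
class ResetRequest:
    """Server-side state for one pending password reset, bound to one user."""
    user_id: int
    pin_hash: bytes       # salted hash of the PIN; the PIN itself is never stored
    salt: bytes
    created_at: float
    attempts: int = 0


class PasswordResetService:
    """Hypothetical reset flow with the controls CWE-640 expects.

    `clock` is injectable so expiry can be exercised deterministically."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._requests: Dict[int, ResetRequest] = {}
        self._passwords: Dict[int, bytes] = {}   # user_id -> salt + pbkdf2 hash

    @staticmethod
    def _hash_pin(pin: str, salt: bytes) -> bytes:
        return hashlib.sha256(salt + pin.encode()).digest()

    def generate_pin(self, user_id: int) -> str:
        """Create a fresh PIN for `user_id`, replacing any earlier one.

        The returned PIN must be delivered out of band (e.g. to the address on
        file), never in the HTTP response to the party who asked for the reset."""
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        salt = secrets.token_bytes(16)
        self._requests[user_id] = ResetRequest(
            user_id, self._hash_pin(pin, salt), salt, self._clock())
        return pin

    def reset_password(self, user_id: int, pin: str, new_password: str) -> str:
        """Apply `new_password` only if `pin` is the live PIN for `user_id`."""
        req: Optional[ResetRequest] = self._requests.get(user_id)
        if req is None:
            return "rejected: no active reset request"
        if self._clock() - req.created_at > PIN_TTL_SECONDS:
            del self._requests[user_id]
            return "rejected: pin expired"
        req.attempts += 1
        # Constant-time comparison of hashes: no timing side channel on the PIN.
        if not hmac.compare_digest(self._hash_pin(pin, req.salt), req.pin_hash):
            if req.attempts >= MAX_ATTEMPTS:
                del self._requests[user_id]
                return "rejected: too many attempts, request invalidated"
            return "rejected: wrong pin"
        # Success: the PIN is single-use, so the request is destroyed here.
        del self._requests[user_id]
        self._set_password(user_id, new_password)
        return "ok"

    def _set_password(self, user_id: int, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._passwords[user_id] = salt + digest

    def verify_password(self, user_id: int, password: str) -> bool:
        stored = self._passwords.get(user_id)
        if stored is None:
            return False
        salt, digest = stored[:16], stored[16:]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    svc = PasswordResetService()
    pin = svc.generate_pin(42)          # constructed user id for the demo
    print(svc.reset_password(42, pin, "correct horse battery staple"))
    print(svc.verify_password(42, "correct horse battery staple"))
```

Two things the example deliberately keeps separate from PIN checking: the per-account attempt counter lives with the reset request, so each new request starts at zero, which means generate_pin itself also needs rate limiting per account and per client in a real deployment; and the PIN is returned to the caller only so the demo can run offline, whereas a real flow hands it to the mail or SMS sender and nothing else.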

Advisories reference a patch in the WordPress plugins trac at changeset 3246340 for Directorist, with additional details available in Wordfence threat intelligence. Security practitioners should update to a plugin version beyond 8.1 to mitigate the issue.

Details

CWE(s)
CWE-640

Affected Products

wpwax directorist ≤ 8.2

MITRE ATT&CK Enterprise Techniques

T1110 Brute Force (Credential Access)
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Why these techniques?

The vulnerability enables brute force attacks (T1110) on OTP codes in the password reset functions due to insufficient controls, allowing unauthenticated attackers to reset any user's password, including administrators, resulting in account takeover.

References