Directorist Security Settings Not Enforcing Access Controls

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Directorist Security Settings Not Enforcing Access Controls

CVE-2026-39509

Summary

Directorist, a WordPress plugin for creating directories, has a security weakness that allows unauthorized access to certain features. This could lead to sensitive information being accessed or modified. Update Directorist to version 8.5.11 or later to fix this issue.

Original title

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.

Original description

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/directorist/vulnerability/wordp...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026