CVE-2025-1570
Published: 28 February 2025
Summary
CVE-2025-1570 is a high-severity Weak Password Recovery Mechanism for Forgotten Password (CWE-640) vulnerability in Wpwax Directorist. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). It is ranked at the 49.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is classified as AI-related (AI category: Other Platforms; risk domain: Other ATLAS/OWASP Terms).
The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2025-1570 is a privilege escalation vulnerability via account takeover affecting the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress in all versions up to and including 8.1. The flaw arises from inadequate controls in the directorist_generate_password_reset_pin_code() and reset_user_password() functions, which neither prevent brute force attacks on the one-time password (OTP) nor verify that a password reset request originates from an authorized user. This CWE-640 issue carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high confidentiality, integrity, and availability impact.
Unauthenticated attackers can exploit this vulnerability remotely over the network, though it requires high attack complexity. By generating OTPs and brute-forcing them, attackers can reset passwords for any user account, including administrators, achieving full account takeover and subsequent control over the WordPress site.
Advisories reference a patch in the WordPress plugins trac at changeset 3246340 for Directorist, with additional details available in Wordfence threat intelligence. Security practitioners should update to a plugin version beyond 8.1 to mitigate the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5504
Vulnerability details
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any user's password, including an administrator's.
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables brute force attacks (T1110) on OTP codes in the password reset functions due to insufficient controls, allowing unauthenticated attackers to reset any user's password, including administrators, resulting in account takeover.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- AC-7 (Unsuccessful Logon Attempts): Limits consecutive invalid logon attempts, directly preventing brute-force attacks on OTPs during password resets.
- IA-5 (Authenticator Management): Requires secure management of authenticators like OTPs, including strength requirements, secure generation, distribution, and protections against unauthorized brute-force or reset requests.
- SI-2 (Flaw Remediation): Mandates timely flaw remediation, such as patching the vulnerable directorist_generate_password_reset_pin_code() and reset_user_password() functions to fix inadequate OTP controls.
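The controls the advisory says are missing (an AC-7 style cap on invalid attempts, and IA-5 style handling of the reset PIN: random generation, expiry, single use, and no re-issue while locked out) shown together in one hardened reset-PIN flow. This is an added Python example, not the plugin's own code; the in-memory store, function names, limits, and the injectable clock are assumptions.

```python
import hmac
import secrets
import time

PIN_LENGTH = 6
PIN_TTL_SECONDS = 600      # a PIN is only usable for ten minutes
MAX_ATTEMPTS = 5           # AC-7 style cap on consecutive invalid attempts
LOCKOUT_SECONDS = 900      # no fresh PIN for the account while locked out

class ResetPinStore:
    """Constructed in-memory stand-in for per-user reset state (assumption)."""
    def __init__(self, now=time.time):
        self._now = now    # injectable clock so the flow can be tested offline
        self._state = {}   # user_id -> {"pin", "issued", "attempts", "locked_until"}

    def issue(self, user_id):
        # Mint a PIN for user_id, or return None while the account is locked out.
        rec = self._state.get(user_id)
        if rec and rec["locked_until"] > self._now():
            return None    # lockout also blocks the "request a new OTP and retry" loop
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_LENGTH))
        self._state[user_id] = {"pin": pin, "issued": self._now(),
                                "attempts": 0, "locked_until": 0.0}
        return pin         # delivered out of band to the account owner only

    def verify(self, user_id, candidate):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no_pending_reset'."""
        rec = self._state.get(user_id)
        if rec is None:
            return "no_pending_reset"
        if rec["locked_until"] > self._now():
            return "locked"
        if rec["pin"] is None or self._now() - rec["issued"] > PIN_TTL_SECONDS:
            del self._state[user_id]       # burned or stale: owner must request again
            return "expired"
        rec["attempts"] += 1
        if hmac.compare_digest(rec["pin"].encode(), str(candidate).encode()):
            del self._state[user_id]       # single use: burn the PIN on success
            return "ok"
        if rec["attempts"] >= MAX_ATTEMPTS:
            rec["pin"] = None              # burn the PIN and start the lockout window
            rec["locked_until"] = self._now() + LOCKOUT_SECONDS
            return "locked"
        return "wrong"

def reset_password(store, users, user_id, candidate, new_password):
    """Change the stored password only after verify() returns 'ok'."""
    verdict = store.verify(user_id, candidate)
    if verdict == "ok":
        users[user_id] = new_password      # a real plugin would hash and salt this
    return verdict
```

With a six-digit PIN and five guesses per issuance, a guesser gets at most five chances in a million per reset request, and the lockout stops a fresh PIN from being minted to try again.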