The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress suffers from a critical weakness in its password recovery mechanism, identified as CVE-2025-1570 and categorized under CWE-640 (Weak Password Recovery Mechanism). The vulnerability stems from inadequate validation and protection in the functions directorist_generate_password_reset_pin_code() and reset_user_password(), which handle the generation and verification of OTPs used during password resets. Specifically, these functions do not sufficiently restrict or monitor OTP generation and verification attempts, allowing an unauthenticated attacker to brute force the OTP. Successful brute forcing enables the attacker to reset any user's password, including those with administrative privileges, effectively escalating their privileges and taking over accounts. The vulnerability affects all versions of the plugin up to and including version 8.1. The CVSS v3.1 score of 8.1 reflects the network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. Although no exploits have been reported in the wild, the vulnerability presents a significant risk due to the widespread use of WordPress and the plugin's functionality in business directories and classified ads, which often hold sensitive user and business data.

The impact of CVE-2025-1570 is severe for organizations using the Directorist plugin on their WordPress sites. An attacker exploiting this vulnerability can gain unauthorized access to any user account by resetting passwords, including administrator accounts, leading to full site compromise. This can result in data breaches exposing sensitive business and user information, defacement or deletion of website content, insertion of malicious code or backdoors, and disruption of business operations. The ability to escalate privileges without authentication increases the risk of widespread damage and persistence within affected environments. Organizations relying on this plugin for business directories or classified ads may face reputational damage, regulatory penalties, and financial losses if exploited. The vulnerability's exploitation could also serve as a foothold for further attacks within the organization's network.

To mitigate CVE-2025-1570, organizations should immediately monitor for updates or patches released by the wpwax vendor and apply them as soon as they become available. In the absence of an official patch, administrators should consider disabling the password reset functionality of the Directorist plugin or the plugin itself until a fix is applied. Implementing additional rate limiting and monitoring on password reset endpoints can help detect and prevent brute force attempts. Enforcing multi-factor authentication (MFA) for all user accounts, especially administrators, can reduce the risk of account takeover. Regularly auditing user accounts and resetting passwords proactively may limit exposure. Web application firewalls (WAFs) can be configured to detect and block suspicious password reset requests or excessive OTP verification attempts. Finally, educating users about phishing and suspicious password reset notifications can help mitigate social engineering attempts that may leverage this vulnerability.