CVE-2023-2252: 
WordPress vulnerability analysis and mitigation

The Directorist WordPress plugin before version 7.5.4 contains a Local File Inclusion (LFI) vulnerability identified as CVE-2023-2252. The vulnerability was discovered by the rSolutions Security Team and publicly disclosed on May 10, 2023. This security issue affects the plugin's file parameter validation mechanism during CSV file imports (WPScan).

The vulnerability stems from improper validation of the file parameter when importing CSV files in the Directorist plugin. The issue has been assigned a CVSS score of 6.6 (medium severity) and is classified under CWE-22. The vulnerability falls under the OWASP Top 10 category A1: Injection (WPScan).

When successfully exploited, this vulnerability allows attackers with administrative access to perform Local File Inclusion attacks, potentially exposing sensitive system files. The attacker can read and access files on the affected system, such as the /etc/passwd file on Linux systems (WPScan).

The vulnerability has been patched in version 7.5.4 of the Directorist plugin. Users are strongly advised to update to this version or later to mitigate the risk (WPScan).