Browse all 3 CVE security advisories affecting aDirectory. AI-powered Chinese analysis, POCs, and references for each vulnerability.
aDirectory is an enterprise directory service solution designed for centralized identity and access management, streamlining user authentication and resource authorization across organizational systems. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The platform has accumulated three CVEs, with notable issues including authentication bypass mechanisms and insecure default configurations that could allow unauthorized access to sensitive directory data. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the service without implementing additional security controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67975 | WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability — aDirectoryCWE-862 | 6.5 | Medium | 2026-02-20 |
| CVE-2024-50420 | WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability — aDirectoryCWE-434 | 10.0 | Critical | 2024-10-29 |
This page lists every published CVE security advisory associated with aDirectory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.