Directorist Social Login Flaw CVE-2026-22337 Exposes Critical Privilege Escalation

The National Vulnerability Database has detailed CVE-2026-22337, a critical privilege escalation vulnerability impacting Directorist Social Login. This flaw, rated 9.8 on the CVSS scale, allows unauthenticated attackers to gain elevated privileges within affected systems. The vulnerability exists in versions prior to 2.1.4, so organizations running an earlier release of this social login integration are at risk.

This is not a theoretical risk; it’s a direct pathway for attackers to compromise user accounts and potentially sensitive data. The ease of exploitation (CVSS vector AV:N/AC:L/PR:N/UI:N) means defenders cannot afford to ignore it. Attackers will likely target this as low-hanging fruit to gain initial access or escalate privileges within an environment, then move laterally.

Organizations utilizing Directorist Social Login must immediately update to version 2.1.4 or later. A thorough audit of user privileges and system logs for any suspicious activity preceding the update is also strongly recommended. Failure to patch this vulnerability leaves systems wide open to exploitation.

What This Means For You

  • If your organization uses Directorist Social Login, verify your version immediately and patch to 2.1.4 or higher. Audit for unauthorized privilege changes and review access logs for any anomalies.

Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

critical T1068 Privilege Escalation

CVE-2026-22337 - Directorist Social Login Privilege Escalation Attempt

Sigma YAML
title: CVE-2026-22337 - Directorist Social Login Privilege Escalation Attempt
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit the Directorist Social Login vulnerability (CVE-2026-22337) by targeting the admin-ajax.php endpoint with a specific action related to social login. This vulnerability allows for privilege escalation.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-22337/
tags:
  - attack.privilege_escalation
  - attack.t1068
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/wp-admin/admin-ajax.php'
    cs-uri-query|contains:
      - 'action=directorist_social_login'
    # 'exact' is not a Sigma modifier; a plain field match is already an exact comparison
    cs-method:
      - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World
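The Sigma selection above, applied offline to a combined-format access log during the recommended log review. This is an added example, not code from Shimi's Cyber World or the Directorist project; the endpoint and action string are taken from the rule, the log lines and documentation-range IP addresses are constructed, and the matcher goes slightly beyond the rule by percent-decoding the request before comparing.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/wp-admin/admin-ajax.php"   # value of cs-uri|contains in the rule
ACTION = "directorist_social_login"     # action named in cs-uri-query|contains


def match_rule(line):
    """Return ip/time/status for a line that satisfies the selection, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    url = urlsplit(m["target"])
    if ENDPOINT not in unquote(url.path).lower():
        return None
    # parse_qs percent-decodes values, so an encoded action name still matches.
    actions = parse_qs(url.query).get("action", [])
    if not any(ACTION in a.lower() for a in actions):
        return None
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"])}


def scan(lines):
    """Return (matching requests, hit count per client IP)."""
    hits = [h for h in map(match_rule, lines) if h]
    return hits, Counter(h["ip"] for h in hits)


# Constructed sample lines; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Apr/2026:15:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=directorist_social_login HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.7 - - [27/Apr/2026:15:02:14 +0000] "POST /blog/wp-admin/admin-ajax.php?action=directorist%5Fsocial%5Flogin HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.20 - - [27/Apr/2026:15:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=directorist_social_login HTTP/1.1" 400 1 "-" "-"',
    '192.0.2.15 - - [27/Apr/2026:15:04:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 54 "-" "-"',
    '192.0.2.44 - - [27/Apr/2026:15:05:19 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "-"',
]

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["ip"], h["status"])
    print(dict(per_ip))
```

Access logs do not record POST bodies, so a request that carries its action parameter in the body (the last sample line) is invisible to this check and to the Sigma rule alike; reviewing for such requests needs body-level logging, for example at a WAF.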

Indicators of Compromise

ID | Type | Indicator
CVE-2026-22337 | Privilege Escalation | Directorist Social Login plugin
CVE-2026-22337 | Privilege Escalation | Directorist Social Login versions prior to 2.1.4
CVE-2026-22337 | Privilege Escalation | Incorrect Privilege Assignment

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 27, 2026 at 14:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
