{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12174", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-24T15:42:34.711Z", "datePublished": "2025-11-19T05:45:14.157Z", "dateUpdated": "2026-04-08T17:02:10.164Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:02:10.164Z"}, "affected": [{"vendor": "wpwax", "product": "Directorist: AI-Powered Business Directory, Listings & Classified Ads", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export listing details and change the directorist slug."}], "title": "Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/796c0ded-3a23-4dd6-968a-a8e60bd8ea0e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3394856/directorist/tags/8.5.3/includes/classes/class-ajax-handler.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Rafshanzani Suhada"}], "timeline": [{"time": "2025-10-24T15:57:43.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-19T20:30:45.603142Z", "id": "CVE-2025-12174", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-19T20:31:28.154Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export listing details and change the directorist slug."}], "id": "CVE-2025-12174", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-19T06:15:45.697", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3394856/directorist/tags/8.5.3/includes/classes/class-ajax-handler.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/796c0ded-3a23-4dd6-968a-a8e60bd8ea0e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:51:07.810286+00:00", "value": {"mitigation_remediation": ["Upgrade the Directorist plugin to version 8.5.3 or later, which includes the missing capability checks.", "Review user roles on the site and ensure that only trusted users possess Subscriber or higher capabilities, minimizing the impact surface.", "If an immediate upgrade is not possible, temporarily block access to the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX endpoints for Subscriber+ users by implementing a firewall rule or adjusting plugin settings to prevent exploitation."], "summary": {"action": "Patch", "impact": "Unauthorized data export and slug modification"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Directorist AI-Powered Business Directory and Listings & Classified Ads plugin distributed by wpwax. All releases up to and including version 8.5.2 are impacted. Users running these versions on WordPress sites should verify their installed version against the remediation guidance.", "description_and_impact": "The Directorist plugin for WordPress contains a missing capability check in two AJAX actions, 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change', allowing authenticated users with Subscriber level or higher to export listing details or alter the plugin's slug without proper authorization. This vulnerability permits disclosure of sensitive listing information and arbitrary changes to directory configuration.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates medium severity. The EPSS score of less than 1% suggests a low current exploitation probability. The issue is not listed in the CISA KEV catalog. Attackers must first authenticate as a user with Subscriber or higher capability; exploitation occurs via authenticated AJAX endpoints, allowing download of listing data or modification of the slug."}}}}, "created": "2025-11-21T09:15:50.737497+00:00", "updated": "2026-04-22T13:00:09.729191+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpwax", "wpwax$PRODUCT$directorist"]}