{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1653", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-24T19:46:26.647Z", "datePublished": "2025-03-15T02:22:42.443Z", "dateUpdated": "2026-04-08T16:48:42.905Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:42.905Z"}, "affected": [{"vendor": "stylemix", "product": "Directory Listings WordPress plugin \u2013 uListing", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "title": "Directory Listings WordPress plugin \u2013 uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve"}, {"url": "https://wordpress.org/plugins/ulisting/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-266 Incorrect Privilege Assignment", "cweId": "CWE-266", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Tan Phat"}], "timeline": [{"time": "2025-03-14T14:22:22.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-17T21:26:01.730859Z", "id": "CVE-2025-1653", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T21:28:43.240Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1653", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-17T21:26:01.730859Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T21:26:02.993Z"}}], "cna": {"title": "Directory Listings WordPress plugin \u2013 uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Tan Phat"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "stylemix", "product": "Directory Listings WordPress plugin \u2013 uListing", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-14T14:22:22.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve"}, {"url": "https://wordpress.org/plugins/ulisting/"}], "descriptions": [{"lang": "en", "value": "The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:42.905Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1653", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:48:42.905Z", "dateReserved": "2025-02-24T19:46:26.647Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-15T02:22:42.443Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stylemixthemes:ulisting:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FD860D19-4C83-4043-8152-782413B7C1B0", "versionEndIncluding": "2.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."}, {"lang": "es", "value": "El complemento Directory Listings WordPress plugin \u2013 uListing de WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 2.1.7 incluida. Esto se debe a que la acci\u00f3n AJAX stm_listing_profile_edit no tiene suficientes restricciones en los metadatos del usuario que se pueden actualizar. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, eleven sus privilegios a los de administrador."}], "id": "CVE-2025-1653", "lastModified": "2026-04-08T18:24:26.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-15T03:15:34.457", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/ulisting/"}, {"source": "security@wordfence.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:54:21.266286+00:00", "value": {"mitigation_remediation": ["Upgrade the Directory Listings WordPress plugin \u2013 uListing to a version newer than 2.2.0 to eliminate the privilege escalation flaw.", "If a patch cannot be applied immediately, restrict the stm_listing_profile_edit AJAX action to administrators only by adjusting user capabilities or applying a custom capability filter.", "If the plugin is not essential, deactivate or remove it to prevent the vulnerability from being exploitable."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Directory Listings WordPress plugin \u2013 uListing (stylemixthemes) are affected. All releases through and including version 2.2.0 are vulnerable.", "description_and_impact": "The Directory Listings WordPress plugin \u2013 uListing versions up to 2.2.0 contains a flaw in the stm_listing_profile_edit AJAX action, which fails to restrict the user meta that can be updated. Because of this weakness, any authenticated user with the Subscriber role or higher can modify their own meta values and elevate their privileges to an administrator, giving them full control over the site, including the ability to publish content, manage users, and install plugins.", "risk_and_exploitability": "The CVSS score of 8.8 classifies the vulnerability as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers need only authenticated access to a Subscriber or higher role, making exploitation feasible once credentials are compromised. Despite the low EPSS rating, the potential impact of gaining administrator rights warrants prompt remediation."}}}}, "created": "2026-04-21T22:00:26.597753+00:00", "updated": "2026-04-21T22:00:26.597763+00:00", "vendors": []}