CVE-2025-12174: Directorist Plugin Exposes Data to Subscriber-Level Users

Overview

CVE-2025-12174 identifies a medium-severity vulnerability in the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress. Specifically, versions up to and including 8.5.2 are affected by a missing capability check on two AJAX actions: directorist_prepare_listings_export_file and directorist_type_slug_change. This flaw allows authenticated attackers with Subscriber-level access (or higher) to export listing details and modify the Directorist slug, leading to potential data exposure and site manipulation.

Technical Details

The vulnerability stems from missing authorization checks in the AJAX handler functions registered for the directorist_prepare_listings_export_file and directorist_type_slug_change actions. A WordPress plugin should verify that the user initiating an AJAX request has the capability required for the intended action (e.g., manage_options, edit_posts). The Directorist plugin did not implement these checks, so users with the lowest access level (Subscriber) can trigger functions intended for administrators or higher-level users: exporting all listings data or changing the Directorist base slug.
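A static check for the bug class described above, as an added example that is not code from the original page or from the Directorist project: it scans PHP source for wp_ajax_ hooks whose callback never calls current_user_can(). Only the two action names come from the advisory; the callback names and the sample PHP are constructed for illustration. The matching is a regex and brace-counting heuristic, so hits are candidates for manual review.

```python
import re

# add_action( 'wp_ajax_<action>', <callback> ): the callback is a function-name
# string, or array(...)/[...] whose last element is the method name.
HOOK_RE = re.compile(
    r"""add_action\(\s*['"]wp_ajax_(\w+)['"]\s*,\s*"""
    r"""(?:(?:array\(|\[)[^,]+,\s*)?['"](\w+)['"]""")

# Constructed sample input. Callback names (example_*) are hypothetical and
# are not taken from the plugin's source.
SAMPLE_PHP = r"""
add_action( 'wp_ajax_directorist_prepare_listings_export_file', 'example_export' );
add_action( 'wp_ajax_directorist_type_slug_change', array( $this, 'example_slug_change' ) );
add_action( 'wp_ajax_example_guarded', 'example_guarded' );
function example_export() {
    if ( ! wp_verify_nonce( $_POST['nonce'], 'example' ) ) { wp_die(); }
    wp_send_json_success( example_build_export() );
}
public function example_slug_change() {
    update_option( 'example_slug', sanitize_title( $_POST['slug'] ) );
}
function example_guarded() {
    if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( null, 403 ); }
    wp_send_json_success();
}
"""

def function_body(source, name):
    """Return the brace-delimited body of `function name(...)`, or None."""
    m = re.search(r"function\s+%s\s*\(" % re.escape(name), source)
    if not m or "{" not in source[m.end():]:
        return None
    start, depth = source.index("{", m.end()), 0
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start + 1:i]
    return None

def unguarded_ajax_actions(source):
    """List wp_ajax_ actions whose callback body never calls current_user_can().
    Callbacks whose definition is not found in `source` are skipped."""
    bodies = ((a, function_body(source, cb)) for a, cb in HOOK_RE.findall(source))
    return [a for a, body in bodies if body is not None and "current_user_can(" not in body]
```

In the constructed sample the export callback verifies a nonce but is still flagged, because a nonce check is not a capability check.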

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-12174 a score of 6.5 (MEDIUM). This score reflects the following factors:

  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L) – Requires Subscriber Access
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): Low (L) – Limited data access
  • Integrity Impact (I): Low (L) – Modification of Directorist slug
  • Availability Impact (A): None (N)

Possible Impact

The exploitation of CVE-2025-12174 can have the following impacts:

  • Data Leakage: Unauthorized export of business listing data, potentially including contact information, addresses, and other sensitive details.
  • SEO Impact: Changing the Directorist slug can negatively affect the website’s SEO ranking.
  • Potential for Abuse: Malicious users could collect data for spamming, phishing, or other nefarious purposes.
  • Minor Website Disruption: While not a critical vulnerability, changing the directory slug could cause broken links and confusion for users.

Mitigation and Patch Steps

The vulnerability has been patched in Directorist plugin version 8.5.3. Users are strongly advised to take the following steps:

  1. Update the Directorist Plugin: Update the Directorist plugin to the latest version (8.5.3 or higher) through the WordPress admin dashboard.
  2. Verify User Roles: Ensure that user roles and permissions are configured correctly to limit access to sensitive functions.
  3. Monitor for Suspicious Activity: Regularly monitor website logs for any unusual or unauthorized activity.


Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
