CVE-2025-12174

6.5 MEDIUM

📋 TL;DR

This vulnerability in the Directorist WordPress plugin allows authenticated attackers with Subscriber-level access or higher to export listing details and change directorist slugs without proper authorization. It affects all WordPress sites using Directorist plugin versions up to 8.5.2. The issue stems from missing capability checks on two AJAX actions.

💻 Affected Systems

Products:
  • Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings
Versions: All versions up to and including 8.5.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Directorist plugin. Vulnerability is present in default configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could export sensitive business listing data (including potentially private contact information) and modify directory slugs to disrupt site functionality or create phishing opportunities.

🟠 Likely Case

Subscribers or low-privileged users could access listing data they shouldn't see and modify directory structure, potentially causing SEO issues or user confusion.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to unauthorized data viewing by authenticated users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access (Subscriber or higher). The vulnerability is simple to exploit via crafted AJAX requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.5.3

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3394856/directorist/tags/8.5.3/includes/classes/class-ajax-handler.php

Restart Required: No

Instructions:

  1. Log into WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find Directorist plugin.
  4. Click 'Update Now' if available.
  5. Alternatively, download version 8.5.3+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoints

all

Remove or restrict access to the vulnerable AJAX actions via .htaccess or WordPress hooks

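Add to theme's functions.php:

remove_action('wp_ajax_directorist_prepare_listings_export_file', 'directorist_prepare_listings_export_file');
remove_action('wp_ajax_directorist_type_slug_change', 'directorist_type_slug_change');

Note: remove_action() only unhooks a handler when the callback and priority passed to it match the ones the plugin used when registering it. After adding these lines, confirm that the handlers are actually unhooked.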
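One way to apply the hook-based restriction described above without depending on how the plugin registered its callbacks, as an added example that is not code from the Directorist project or from the 8.5.3 fix. The `dag_` names, the mu-plugin file name and the choice of `manage_options` as the required capability are assumptions; the two action names are the ones listed in this advisory.

```php
<?php
/**
 * Added example (not Directorist code). Save as
 * wp-content/mu-plugins/directorist-ajax-guard.php (file name is an assumption).
 * Rejects the two AJAX actions named in this advisory unless the caller holds
 * an administrator-level capability, and logs every rejected call.
 */

// Action names taken from the advisory text.
const DAG_GUARDED_ACTIONS = array(
    'directorist_prepare_listings_export_file',
    'directorist_type_slug_change',
);

// Assumption: only administrators should export listings or change slugs.
const DAG_REQUIRED_CAP = 'manage_options';

function dag_guard_ajax_action() {
    if ( current_user_can( DAG_REQUIRED_CAP ) ) {
        return; // Authorized: let the plugin's own handler run.
    }

    $user = wp_get_current_user();
    // current_action() returns "wp_ajax_<action>"; strip the prefix for the log.
    $action = substr( current_action(), strlen( 'wp_ajax_' ) );
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';

    error_log( sprintf(
        'directorist-ajax-guard: blocked action=%s user_id=%d roles=%s ip=%s',
        $action,
        $user->ID,
        implode( ',', (array) $user->roles ),
        $ip
    ) );

    // wp_send_json_error() prints the JSON body and exits, so the plugin's
    // handler hooked later on the same action never executes.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

foreach ( DAG_GUARDED_ACTIONS as $dag_action ) {
    // wp_ajax_{action} fires only for logged-in users; PHP_INT_MIN makes this
    // guard run before callbacks registered at any other priority.
    add_action( 'wp_ajax_' . $dag_action, 'dag_guard_ajax_action', PHP_INT_MIN );
}
```

Rejected calls are written to the PHP error log with the user ID and roles, which gives the log indicators under Detection & Monitoring a concrete source. Remove the file once the site is on 8.5.3 or later.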

Restrict user registration

all

Temporarily disable new user registration to prevent attacker account creation

In WordPress Settings → General, uncheck 'Anyone can register'

🧯 If You Can't Patch

  • Implement strict access controls and monitor user activity logs for suspicious AJAX requests
  • Consider temporarily disabling the Directorist plugin if not essential for site functionality

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Directorist version. If version is 8.5.2 or lower, you are vulnerable.

Check Version:

wp plugin list --name=directorist --field=version

(Requires WP-CLI to be installed.)

Verify Fix Applied:

After updating, verify Directorist plugin version shows 8.5.3 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AJAX requests to admin-ajax.php with actions: directorist_prepare_listings_export_file or directorist_type_slug_change from low-privileged users
  • Multiple export requests or slug modification attempts

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with vulnerable action parameters

SIEM Query:

source="wordpress.log" AND (action="directorist_prepare_listings_export_file" OR action="directorist_type_slug_change") AND user_role="subscriber"
