CVE-2025-12577
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify listing details without proper authorization. It affects all WordPress sites using the Listar plugin up to version 3.0.0. Attackers can exploit this to alter directory listings and classified ads.
💻 Affected Systems
- Listar – Directory Listing & Classifieds WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious users could deface or corrupt all directory listings, inject malicious content, or manipulate business information to cause reputational damage or financial loss.
Likely Case
Attackers modify listings to include spam, phishing links, or inappropriate content, disrupting the directory's integrity and user trust.
If Mitigated
With proper access controls and monitoring, impact is limited to minor unauthorized edits that can be quickly detected and reverted.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward via REST API calls. No public exploit code is known, but the vulnerability is simple to weaponize.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.0.1 or later
Vendor Advisory: https://wordpress.org/plugins/listar-directory-listing/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Listar – Directory Listing & Classifieds'.
4. Click 'Update Now' if available, or manually update to version 3.0.1+.
5. Verify the plugin is active after the update.
🔧 Temporary Workarounds
Disable vulnerable REST endpoint
Block access to the vulnerable '/wp-json/listar/v1/place/save' endpoint using web server rules or WordPress filters.
Add to .htaccess (Apache): RewriteRule ^wp-json/listar/v1/place/save - [F,L]
Add to nginx config: location ~* /wp-json/listar/v1/place/save { deny all; }
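A WordPress-side equivalent of the web server rules above, added here as an example and not part of this advisory or of the Listar plugin: a small must-use plugin that short-circuits the vulnerable REST route before its callback runs unless the caller holds a trusted capability. The capability name (edit_others_posts) and the error_log line format are assumptions, not values from the advisory.

```php
<?php
/**
 * Plugin Name: Listar REST save guard (temporary mitigation)
 * Description: Blocks the /listar/v1/place/save REST route for users
 *              without a trusted capability until Listar is updated.
 * Install as wp-content/mu-plugins/listar-rest-guard.php.
 */

// Route named in the advisory: /wp-json/listar/v1/place/save.
const LISTAR_GUARD_ROUTE = '/listar/v1/place/save';

// ASSUMPTION: the advisory does not say which capability should be
// required; edit_others_posts is held only by Editors and Administrators.
const LISTAR_GUARD_CAPABILITY = 'edit_others_posts';

/**
 * Runs before any REST callback. Returning a WP_Error here stops the
 * request with the status code carried in the error data.
 */
function listar_guard_rest_request( $response, $handler, $request ) {
    // Leave every other REST route untouched.
    if ( $request->get_route() !== LISTAR_GUARD_ROUTE ) {
        return $response;
    }

    if ( current_user_can( LISTAR_GUARD_CAPABILITY ) ) {
        return $response;
    }

    // Record the blocked call so it can be correlated with the
    // log indicators listed under Detection & Monitoring.
    error_log( sprintf(
        'listar-guard: blocked %s %s for user %d from %s',
        $request->get_method(),
        LISTAR_GUARD_ROUTE,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // 401 for anonymous callers, 403 for logged-in users without the capability.
    return new WP_Error(
        'rest_forbidden',
        'You are not allowed to modify listings.',
        array( 'status' => rest_authorization_required_code() )
    );
}
add_filter( 'rest_request_before_callbacks', 'listar_guard_rest_request', 10, 3 );
```

Because this runs inside WordPress, it also covers requests that reach the REST API through index.php?rest_route=... rather than the /wp-json/ path, which the .htaccess and nginx rules above do not match.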
Restrict user roles
Temporarily prevent Subscriber and higher roles from accessing the site, or modify their capabilities so the vulnerable endpoint cannot be used.
Use WordPress plugin like 'User Role Editor' to remove unnecessary capabilities from Subscriber role.
🧯 If You Can't Patch
- Disable the Listar plugin entirely until patched.
- Implement strict monitoring of REST API logs for unauthorized access to the vulnerable endpoint.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for Listar plugin version 3.0.0 or earlier.
Check Version:
wp plugin list --name=listar-directory-listing --field=version (if WP-CLI installed)
Verify Fix Applied:
Confirm Listar plugin version is 3.0.1 or later in WordPress admin, and test that Subscriber users cannot modify listings via REST API.
📡 Detection & Monitoring
Log Indicators:
- POST requests to '/wp-json/listar/v1/place/save' from non-admin users in WordPress or web server logs.
- Unauthorized modifications to listing content in database or plugin logs.
Network Indicators:
- REST API calls to the vulnerable endpoint from unexpected IPs or user agents.
SIEM Query:
source="wordpress_logs" AND uri_path="/wp-json/listar/v1/place/save" AND user_role!="administrator"