CVE-2025-12174
Description
The Directorist plugin for WordPress ≤8.5.2 allows authenticated Subscribers to export listings and change slugs due to missing capability checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Directorist plugin for WordPress versions up to and including 8.5.2 is vulnerable to unauthorized access due to missing capability checks on the directorist_prepare_listings_export_file and directorist_type_slug_change AJAX actions. This allows authenticated users with Subscriber-level access or above to perform actions that should require higher privileges [1].
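The bug class described above, as an added WordPress example that is not Directorist's code or its patch. The action names, handler names, nonce action, `example_listing` post type and the `manage_options` capability are assumptions chosen for illustration:

```php
<?php
// Added illustration of a missing capability check on a wp_ajax_ action.
// Every "example_" identifier below is hypothetical; none comes from Directorist.

// Vulnerable shape: the wp_ajax_{action} hook only guarantees that the caller
// is logged in, so a Subscriber reaches this handler like an administrator.
add_action( 'wp_ajax_example_export_listings', 'example_export_unchecked' );
function example_export_unchecked() {
    wp_send_json_success( example_collect_listings() );
}

// Hardened shape: verify the nonce (request intent), then the capability
// (authorization), before touching any data.
add_action( 'wp_ajax_example_export_listings_safe', 'example_export_checked' );
function example_export_checked() {
    // Third argument false: return false instead of dying, so the handler
    // controls the error response itself.
    if ( ! check_ajax_referer( 'example_export_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }
    // Assumed capability; the right one depends on who may export listings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    wp_send_json_success( example_collect_listings() );
}

// Hypothetical data source standing in for the export logic.
function example_collect_listings() {
    $posts = get_posts(
        array(
            'post_type'   => 'example_listing',
            'numberposts' => 50,
        )
    );
    // Map post ID => title.
    return wp_list_pluck( $posts, 'post_title', 'ID' );
}
```

A nonce alone is not an authorization control: any logged-in user who can load a page that prints the nonce can present it, so the `current_user_can()` check is the part that stops a Subscriber.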
Exploitation
An attacker must have a valid WordPress account with at least Subscriber role. The attacker can send AJAX requests to the vulnerable endpoints via admin-ajax.php without needing any additional authentication or nonce verification for the capability check [1].
Impact
Successful exploitation enables an attacker to export listing details (information disclosure) and change the directorist slug, which can affect the site's directory structure and appearance [1]. The attacker does not gain administrative access but can compromise confidentiality and integrity of directory data.
Mitigation
The vulnerability is fixed in version 8.5.3 of the Directorist plugin. Users are advised to update to this version immediately. No workarounds are provided in the available references [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=8.5.2
- (no CPE) range: <=8.5.2
Patches
- r3394856
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References