cleantalk
Vulnerabilities and Security Researches

Directorist – WordPress Business Directory Plugin with Classified Ads Listings, CVE-2025-12174

CVE, Research URL

CVE-2025-12174

Home page URL

Security reports for Directorist – WordPress Business Directory Plugin with Classified Ads Listings

Application

Directorist – WordPress Business Directory Plugin with Classified Ads Listings

Published on
Nov 19, 2025
Research Description
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export listing details and change the directorist slug.
Affected versions
max 8.5.3.
Status
vulnerable
Previous vulnerability researches
Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CVE-2025-2224) , Mar 26, 2025
Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CVE-2022-2046) , Jun 07, 2024
Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CVE-2022-2377) , Jun 07, 2024
Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CVE-2022-3930) , Jun 07, 2024
Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CVE-2023-1888) , Jun 07, 2024
New vulnerability
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2025-67993) , Feb 27, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-24965) , Feb 27, 2026
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
VK All in One Expansion Unit (CVE-2025-11737) , Feb 27, 2026