Unauthorized Access Vulnerability in Directorist Business Directory Plugin for WordPress

CVE-2025-12174

What is CVE-2025-12174?

The Directorist: AI-Powered Business Directory Plugin for WordPress has a vulnerability that allows authenticated attackers, starting from Subscriber-level access, to exploit missing capability checks in specific AJAX actions. The actions 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' are affected, enabling unauthorized users to export listing details and alter the directory slug. This could lead to unauthorized modifications and exposure of sensitive information across installations running versions 8.5.2 and earlier.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References