Privilege Escalation Vulnerability in uListing Plugin for WordPress
CVE-2025-1653
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 15 March 2025
What is CVE-2025-1653?
The uListing plugin for WordPress is susceptible to a serious vulnerability that allows authenticated users with Subscriber-level access or higher to escalate their privileges to that of an administrator. This flaw stems from inadequate restrictions on the user meta that can be updated via the stm_listing_profile_edit AJAX action. As a result, attackers could exploit this weakness to gain unauthorized access and control over sensitive admin-level functionalities. It is crucial for users to update to the latest version to mitigate potential risks.
Affected Version(s)
Directory Listings WordPress plugin – uListing * <= 2.1.7