CVE-2025-1653: Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation

8.8 CVSS

Description

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is because the stm_listing_profile_edit AJAX action does not sufficiently restrict which user meta keys a request may update. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to those of an administrator.
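The defensive pattern for this class of bug is an explicit allowlist of writable user meta keys plus a hard refusal of the role and capability keys. The handler below is an added illustration written for this advisory, not uListing's own code; the allowlist entries, the nonce name and the function names are assumptions.

```php
<?php
// Added hardening example (not uListing's own code): a profile-edit AJAX
// handler that writes only an explicit allowlist of user meta keys, so the
// role and capability keys are never reachable from the request.
// The allowlist entries below are assumptions chosen for illustration.

const ULISTING_EXAMPLE_EDITABLE_META = array( 'first_name', 'last_name', 'description' );

// Keep only allowlisted request fields. The WordPress role/capability keys are
// refused outright as a second line of defence if the allowlist is extended.
function ulisting_example_filter_meta( array $input ) {
    global $wpdb;
    $forbidden = array(
        $wpdb->get_blog_prefix() . 'capabilities',
        $wpdb->get_blog_prefix() . 'user_level',
    );
    $clean = array();
    foreach ( ULISTING_EXAMPLE_EDITABLE_META as $key ) {
        if ( in_array( $key, $forbidden, true ) || ! isset( $input[ $key ] ) ) {
            continue;
        }
        $clean[ $key ] = sanitize_text_field( wp_unslash( $input[ $key ] ) );
    }
    return $clean;
}

function ulisting_example_profile_edit() {
    // Require a logged-in user and a valid nonce before touching anything.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    check_ajax_referer( 'ulisting_example_profile_edit', 'nonce' );

    // Never take user_id from the request: callers may only edit themselves.
    $user_id = get_current_user_id();
    $meta    = ulisting_example_filter_meta( $_POST );
    foreach ( $meta as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
    wp_send_json_success( array( 'updated' => array_keys( $meta ) ) );
}
add_action( 'wp_ajax_stm_listing_profile_edit', 'ulisting_example_profile_edit' );
```

The same check can be applied when reviewing any plugin: a handler that iterates over request keys and calls update_user_meta with each one, rather than over a fixed list, is the shape to look for.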

Classification

CVE ID: CVE-2025-1653

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-266 Incorrect Privilege Assignment

Affected Products

Vendor: stylemix

Product: Directory Listings WordPress plugin – uListing

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 9.34% (share of all scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-04-12 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1653
https://www.wordfence.com/threat-intel/vulnerabilities/id/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve
https://wordpress.org/plugins/ulisting/

Timeline