Directorist Business Directory Plugin Arbitrary File Move Vulnerability

Vulnerability

A vulnerability allowing arbitrary file movement has been identified in the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress, affecting all versions through 8.4.8. The issue arises from inadequate file path validation in the add_listing_action AJAX handler, which could enable unauthenticated attackers to relocate files on the server. This vulnerability could easily be exploited to achieve remote code execution by moving certain files, such as wp-config.php, to a location where they can be executed.
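The control the advisory describes as missing is confinement of the file path before the move. The helper below is an added illustration of that check, not the plugin's code and not the 8.4.9 patch; the function name `safe_move_upload`, the directory layout and the extension allow-list are assumptions made for the example.

```php
<?php
// Added example: hypothetical helper, not Directorist code.
// Moves a file only if its resolved path lies inside $allowedDir.
function safe_move_upload(string $requested, string $allowedDir, string $destDir): string
{
    $base = realpath($allowedDir);
    $dest = realpath($destDir);
    if ($base === false || $dest === false) {
        throw new RuntimeException('Base or destination directory missing');
    }
    // Keep only the final path component: drops "../" and absolute prefixes.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('Invalid file name');
    }
    // Resolve symlinks, then confirm the real path is still under $base.
    $src = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($src === false || !is_file($src)
        || strncmp($src, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('Source is outside the allowed directory');
    }
    // Allow-list extensions so a moved file can never be PHP or a config file.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        throw new InvalidArgumentException('File type not allowed');
    }
    // Server-chosen destination name; nothing from the request reaches it.
    $target = $dest . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!rename($src, $target)) {
        throw new RuntimeException('Move failed');
    }
    return $target;
}

// Constructed demo: one legitimate upload and one request naming a file outside the directory.
$tmp = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$tmp/pending", 0700, true);
mkdir("$tmp/media", 0700, true);
file_put_contents("$tmp/pending/logo.png", 'constructed sample');
file_put_contents("$tmp/wp-config.php", '<?php // constructed stand-in');
echo safe_move_upload('logo.png', "$tmp/pending", "$tmp/media"), PHP_EOL;
try {
    safe_move_upload('../wp-config.php', "$tmp/pending", "$tmp/media");
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real AJAX handler this check would sit behind authentication, a capability check and nonce verification, since the advisory notes the handler was reachable without authentication.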

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected server.

Remediation

Users are advised to update the Directorist plugin to version 8.4.9 or later.

Added: Oct 25, 2025, 7:30 AM
Updated: Oct 25, 2025, 7:30 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 10.0
exploitability: 9.0
remediation: 7.7
relevance: 0.8
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.