Directorist Business Directory Plugin Missing Authorization Vulnerability for Data Export and Slug Modification
Vulnerability
A vulnerability exists in the Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings for WordPress, in all versions through 8.5.2. The issue arises from a lack of proper capability checks on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions. This flaw allows authenticated attackers with Subscriber-level access and above to export listing details and modify the Directorist slug.
Impact
Exploitation of this vulnerability could lead to unauthorized data export and unauthorized changes to directory slugs, potentially disrupting the organization and management of listings.
Remediation
Users are advised to update the Directorist plugin to version 8.5.3 or a newer patched version.
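The flaw class described above (an AJAX action registered without a capability check in its handler) can be audited for statically. The following is an added example, not Directorist's code: the PHP sample is constructed, the `demo_*` callback names and the `demo_settings_save` action are hypothetical, and only the two action names come from this advisory.

```python
import re

# Constructed PHP sample (NOT the plugin's real source); demo_* names are hypothetical.
SAMPLE_PHP = r'''<?php
add_action( 'wp_ajax_directorist_type_slug_change', 'demo_slug_change' );
add_action( 'wp_ajax_directorist_prepare_listings_export_file', 'demo_export' );
add_action( 'wp_ajax_demo_settings_save', 'demo_settings_save' );
function demo_slug_change() {
    check_ajax_referer( 'demo_nonce', 'nonce' ); // nonce only: not an authorization check
    wp_send_json_success();
}
function demo_export() {
    wp_send_json_success( demo_build_export() );
}
function demo_settings_save() {
    if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( 'forbidden', 403 ); }
    check_ajax_referer( 'demo_nonce', 'nonce' );
    wp_send_json_success();
}
'''

# wp_ajax_{action} hooks run for any logged-in user, Subscribers included.
HOOK_RE = re.compile(r"add_action\(\s*['\"]wp_ajax_(?!nopriv_)(\w+)['\"]\s*,\s*['\"](\w+)['\"]")

def function_body(src, name):
    """Brace-balanced body of a named PHP function ('' if absent).
    Simplification: braces inside PHP strings or comments are not handled."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Map each registered AJAX action to the checks found in its callback."""
    report = {}
    for action, callback in HOOK_RE.findall(src):
        body = function_body(src, callback)
        report[action] = {
            "capability_check": bool(re.search(r"current_user_can\s*\(", body)),
            "nonce_check": bool(re.search(r"check_ajax_referer\s*\(|wp_verify_nonce\s*\(", body)),
        }
    return report

def missing_capability(src):
    """Actions whose callback never calls current_user_can()."""
    return sorted(a for a, r in audit(src).items() if not r["capability_check"])
```

The scan only follows string callbacks and only looks inside the callback itself, so class-method handlers and checks delegated to a helper function need manual review.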
