The Directorist WordPress plugin suffers from a missing capability check (CWE-862) on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions. This flaw permits authenticated users with minimal privileges (Subscriber-level and above) to perform unauthorized actions such as exporting listing details and changing the directorist slug. The vulnerability affects all versions up to and including 8.5.2. The CVSS v3.1 base score is 6.5, indicating a medium severity impact primarily due to confidentiality and integrity loss without availability impact.

An attacker with Subscriber-level access can exploit this vulnerability to export sensitive listing information and alter the directory slug, potentially impacting data confidentiality and integrity. There is no indication of availability impact. No known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict Subscriber-level access to trusted users only and monitor for suspicious activity related to listing exports and slug changes. Avoid granting unnecessary privileges to low-level users.