The vulnerability identified as CVE-2025-12174 affects the 'Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings' for WordPress, versions up to and including 8.5.2. The root cause is a missing authorization (CWE-862) on two AJAX endpoints: 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change'. These endpoints lack proper capability checks, allowing any authenticated user with Subscriber-level access or above to invoke these actions. As a result, attackers can export sensitive listing details, potentially exposing confidential business information, and alter the directory slug, which could disrupt site navigation or SEO. The vulnerability is remotely exploitable over the network without user interaction and does not require elevated privileges beyond Subscriber. The CVSS v3.1 base score is 6.5 (medium), reflecting the moderate impact on confidentiality and integrity but no impact on availability. No patches or official fixes are currently linked, and no known exploits have been observed in the wild. The plugin is widely used in WordPress sites that provide business directories and classified ads, making this a relevant threat for many organizations relying on this functionality.

The primary impact of this vulnerability is unauthorized disclosure of business listing data, which may include sensitive or proprietary information, leading to confidentiality breaches. Additionally, unauthorized modification of the directory slug can affect website integrity by disrupting URLs, potentially causing broken links, SEO degradation, or redirection issues. For organizations relying on the Directorist plugin to manage business directories or classified ads, this could result in reputational damage, loss of customer trust, and operational disruptions. Since the exploit requires only Subscriber-level access, attackers could leverage compromised or low-privilege accounts to escalate their impact. Although availability is not directly affected, the integrity and confidentiality impacts are significant enough to warrant prompt remediation. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as exploit code could be developed and disseminated.

Organizations should immediately verify if they use the Directorist plugin and identify the version in use. Since no official patch links are provided, administrators should monitor the vendor's site and WordPress plugin repository for updates addressing this vulnerability. In the interim, restrict Subscriber-level user capabilities to the minimum necessary and audit existing user accounts to remove or upgrade unnecessary Subscriber roles. Implement web application firewall (WAF) rules to block unauthorized AJAX requests targeting 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' endpoints from users without proper authorization. Consider disabling or restricting AJAX functionality related to these actions if feasible. Regularly review access logs for suspicious activity involving these endpoints. Finally, educate site administrators about the risks of low-privilege account misuse and enforce strong authentication policies to reduce the risk of account compromise.