CVE-2025-12577 is a vulnerability classified under CWE-862 (Missing Authorization) affecting the Listar – Directory Listing & Classifieds WordPress Plugin by passionui. The flaw exists because the REST API endpoint '/wp-json/listar/v1/place/save' lacks proper capability checks, allowing authenticated users with minimal privileges (Subscriber-level and above) to update listing details without authorization. This means that any user with an account on a vulnerable WordPress site using this plugin can modify directory or classified listings, potentially injecting false or malicious information. The vulnerability affects all plugin versions up to 3.0.0. The CVSS 3.1 base score is 4.3, indicating medium severity, with attack vector being network-based, low attack complexity, requiring privileges but no user interaction, and impacting integrity only. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability could be exploited to undermine data integrity, mislead users, or damage the reputation of affected websites. Since the plugin is used in WordPress environments, the threat surface includes any site running this plugin, especially those with open user registrations or multiple user roles.

The primary impact of CVE-2025-12577 is unauthorized modification of listing data, which compromises data integrity. Attackers with Subscriber-level access can alter directory or classified listings, potentially inserting misleading, fraudulent, or malicious content. This can degrade user trust, damage brand reputation, and cause operational disruptions for businesses relying on accurate listings. While confidentiality and availability are not directly impacted, the integrity breach can lead to secondary consequences such as misinformation, loss of customers, or legal liabilities. Organizations with public-facing directory or classified platforms are particularly vulnerable. The ease of exploitation (low complexity, network accessible) combined with the commonality of WordPress deployments increases the risk of widespread impact if not mitigated. No known exploits in the wild reduce immediate risk but do not eliminate future threat potential.

1. Immediately restrict access to the '/wp-json/listar/v1/place/save' REST API endpoint by implementing custom capability checks or access controls to ensure only authorized roles (e.g., Administrator or Editor) can modify listings. 2. Monitor user roles and permissions closely, limiting Subscriber-level users from accessing or interacting with sensitive API endpoints. 3. Disable or restrict user registration if not required, reducing the number of potential attackers with Subscriber-level access. 4. Apply web application firewall (WAF) rules to detect and block suspicious API requests targeting the vulnerable endpoint. 5. Regularly audit and review listing data for unauthorized changes to detect exploitation early. 6. Stay updated with the plugin vendor’s announcements and apply patches promptly once available. 7. Consider isolating or sandboxing the plugin functionality if feasible to limit the blast radius of potential exploits. 8. Educate site administrators on the risks of granting excessive privileges to low-level users.