CVE-2025-10488
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-10488, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-25

Last updated on: 2025-10-27

Assigner: Wordfence

Description

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action AJAX action in all versions up to, and including, 8.4.8. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-25
Last Modified
2025-10-27
Generated
2026-07-06
AI Q&A
2025-10-25
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
directorist directorist 8.4.5
directorist directorist 8.4.9

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized or suspicious AJAX requests to the 'add_listing_action' endpoint in the Directorist plugin, especially those attempting to move files or upload images without proper authorization. You can check your web server logs for POST requests to admin-ajax.php with the action parameter set to 'add_listing_action'. For example, using grep on an Apache or Nginx access log: 1. grep 'add_listing_action' /var/log/apache2/access.log 2. grep 'add_listing_action' /var/log/nginx/access.log Additionally, inspecting WordPress debug logs or enabling logging for AJAX actions may help identify suspicious activity. Since the vulnerability involves arbitrary file moves via insufficient file path validation, look for unusual file operations or unexpected changes in critical files like wp-config.php. There are no specific commands provided in the resources, but monitoring AJAX requests and file changes related to the Directorist plugin is recommended. [1]

Executive Summary

The vulnerability in the Directorist WordPress plugin (up to version 8.4.8) is due to insufficient validation of file paths in the add_listing_action AJAX action. This flaw allows unauthenticated attackers to move arbitrary files on the server. Because the plugin handles listing submissions and image uploads, improper sanitization of file names and paths can be exploited to manipulate files, potentially moving critical files like wp-config.php. This can lead to remote code execution if an attacker moves or replaces files that the server executes or reads. The vulnerability arises from inadequate checks on uploaded file names and paths, which was later fixed by improving filename sanitization. [1, 2]

Impact Analysis

This vulnerability can have severe impacts including allowing attackers to move arbitrary files on the server without authentication. This can lead to remote code execution if critical files such as wp-config.php are moved or replaced. Remote code execution can allow attackers to take full control of the affected WordPress site, leading to data theft, site defacement, malware installation, or further attacks on the hosting environment. [1]

Mitigation Strategies

The immediate mitigation step is to update the Directorist plugin to version 8.4.9 or later, as this version includes a security fix that improves filename sanitization to prevent arbitrary file moves and file manipulation attacks. This update applies the sanitize_file_name() function to uploaded filenames, enforcing stricter validation and mitigating the vulnerability. Additionally, ensure your WordPress installation and PHP version meet the plugin requirements (PHP 7.0 or higher). If updating immediately is not possible, restrict access to the AJAX actions related to listing submissions and uploads, and monitor for suspicious activity as a temporary measure. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10488. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart