Description
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Published: 2025-03-15
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The Directory Listings WordPress plugin – uListing versions up to 2.2.0 contains a flaw in the stm_listing_profile_edit AJAX action, which fails to restrict the user meta that can be updated. Because of this weakness, any authenticated user with the Subscriber role or higher can modify their own meta values and elevate their privileges to an administrator, giving them full control over the site, including the ability to publish content, manage users, and install plugins.

Affected Systems

WordPress sites using the Directory Listings WordPress plugin – uListing (stylemixthemes) are affected. All releases through and including version 2.2.0 are vulnerable.

Risk and Exploitability

The CVSS score of 8.8 classifies the vulnerability as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Attackers need only authenticated access to a Subscriber or higher role, making exploitation feasible once credentials are compromised. Despite the low EPSS rating, the potential impact of gaining administrator rights warrants prompt remediation.

Generated by OpenCVE AI on April 21, 2026 at 21:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Directory Listings WordPress plugin – uListing to a version newer than 2.2.0 to eliminate the privilege escalation flaw.
  • If a patch cannot be applied immediately, restrict the stm_listing_profile_edit AJAX action to administrators only by adjusting user capabilities or applying a custom capability filter.
  • If the plugin is not essential, deactivate or remove it to prevent the vulnerability from being exploitable.

Generated by OpenCVE AI on April 21, 2026 at 21:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-6617 The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
History

Wed, 08 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Description The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Title Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00075}

 epss

{'score': 0.00025}

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00055}

 epss

{'score': 0.00075}

Fri, 28 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Stylemixthemes
Stylemixthemes ulisting
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:stylemixthemes:ulisting:*:*:*:*:*:wordpress:*:*
Vendors & Products Stylemixthemes
Stylemixthemes ulisting

Mon, 17 Mar 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 15 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
Description The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Title Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Stylemixthemes Ulisting
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:48:42.905Z

Reserved: 2025-02-24T19:46:26.647Z

Link: CVE-2025-1653

cve-icon Vulnrichment

Updated: 2025-03-17T21:26:02.993Z

cve-icon NVD

Status : Modified

Published: 2025-03-15T03:15:34.457

Modified: 2026-04-08T18:24:26.867

Link: CVE-2025-1653

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T22:00:26Z

Weaknesses