EUVD-2025-201523

🗓️ 06 Dec 2025 06:30:16Reported by EUVDType

Unauthorized data modification in Listar WordPress plugin due to missing capability check on place save endpoint; subscribers can modify listings.

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress plugin Listar 安全漏洞	6 Dec 202500:00	–	cnnvd
CVE	CVE-2025-12577	6 Dec 202505:49	–	cve
Cvelist	CVE-2025-12577 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update	6 Dec 202505:49	–	cvelist
NVD	CVE-2025-12577	6 Dec 202506:15	–	nvd
Patchstack	WordPress Listar – Directory Listing & Classifieds WordPress plugin plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update vulnerability	6 Dec 202500:05	–	patchstack
Positive Technologies	PT-2025-49332	6 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12577	7 Dec 202506:05	–	redhatcve
Vulnrichment	CVE-2025-12577 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Listing Update	6 Dec 202505:49	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)	11 Dec 202517:00	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "7b28bda0-ff0e-3b41-972a-01034ca7676e",
        "vendor": {
          "name": "passionui"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2003f16e-aa3a-378e-a09c-478b6d5be0a0",
        "product": {
          "name": "Listar – Directory Listing & Classifieds WordPress Plugin"
        },
        "product_version": "* ≤3.0.0"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a063fab3-6d52-4f2a-b51f-b76fa2d4711c
wordpress	www.wordpress.org/plugins/listar-directory-listing/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-12577

06 Dec 2025 06:30Current

4.7Medium risk

Vulners AI Score4.7

CVSS 3.14.3

EPSS0.00036