Cyber Resilience

CVE-2025-1653

High

Published: 15 March 2025

Published
15 March 2025
Modified
08 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1653 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Stylemixthemes Ulisting. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-1653 is a privilege escalation vulnerability in the uListing plugin for WordPress, also referred to as the Directory Listings WordPress plugin, affecting all versions up to and including 2.2.0. The flaw arises from insufficient restrictions in the stm_listing_profile_edit AJAX action, which fails to properly limit the user meta fields that can be updated, enabling unauthorized privilege changes. Published on 2025-03-15, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-266.

Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability remotely over the network with low attack complexity and no user interaction. By sending a crafted request to the vulnerable AJAX endpoint, they can modify their own user meta to elevate their role to administrator, potentially granting full control over the WordPress site, including access to sensitive data, user management, and plugin/theme modifications.

Mitigation details are outlined in advisories available at the Wordfence threat intelligence page (https://www.wordfence.com/threat-intel/vulnerabilities/id/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve) and the plugin's official WordPress.org listing (https://wordpress.org/plugins/ulisting/).

EU & UK References

Vulnerability details

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that…

more

can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability directly enables privilege escalation by allowing authenticated low-privilege users to modify user meta and elevate to administrator role via the vulnerable AJAX action.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1657Same product: Stylemixthemes Ulisting
CVE-2026-42368Shared CWE-266
CVE-2025-69293Shared CWE-266
CVE-2026-42680Shared CWE-266
CVE-2025-69378Shared CWE-266
CVE-2026-27102Shared CWE-266
CVE-2025-22736Shared CWE-266
CVE-2024-40591Shared CWE-266
CVE-2026-48879Shared CWE-266
CVE-2025-33179Shared CWE-266

Affected Assets

stylemixthemes
ulisting
≤ 2.1.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege to prevent low-privileged subscribers from escalating to administrator via unrestricted user meta updates in the AJAX action.

prevent

Requires enforcement of access control policies on the stm_listing_profile_edit AJAX endpoint to restrict unauthorized modifications to privilege-related user meta.

prevent

Mandates input validation on user meta fields submitted to the AJAX action to block updates to sensitive privilege attributes.

References