CVE-2025-2224

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 25, 2025
Updated: Mar 27, 2025
CWE ID 862

Summary

CVE-2025-2224 is a vulnerability affecting the Directorist plugin for WordPress, which is used for business directory listings and classified ads. The issue stems from a missing capability check on the 'parse_query' function, present in all versions up to 8.2. Because the check is missing, unauthenticated attackers can modify data, specifically the post_status of any post, which lets them publish unauthorized content. The consequences can range from minor inconvenience to severe security breaches and potential data loss. Upgrading to the latest version or applying the available patch is recommended to mitigate this risk.
