PT-2025-43716 · WordPress · Directorist

Arkadiusz Hydzik · Published 2025-10-25 · Updated 2025-10-30 · CVE-2025-10488

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Directorist versions up to and including 8.4.8

Description: The Directorist plugin for WordPress is susceptible to arbitrary file move due to inadequate file path validation within the add listing action AJAX action. This allows unauthenticated attackers to move arbitrary files on the server. Successful exploitation, such as moving files like wp-config.php, can lead to remote code execution.

Recommendations: Update to version 8.4.9 or later.

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-10488

Affected Products

Directorist