CVE-2025-12577

Name of the Vulnerable Software and Affected Versions Listar – Directory Listing & Classifieds WordPress Plugin versions up to and including 3.0.0

Description The Listar WordPress Plugin is susceptible to unauthorized data modification. An attacker with Subscriber-level access or higher can update listing details due to a missing capability check on the /wp-json/listar/v1/place/save API endpoint. The place parameter within this API endpoint is vulnerable.

Recommendations Versions prior to 3.0.0 should be updated.