{"vulnerability": "CVE-2025-1653", "sightings": [{"uuid": "ddae1e57-0954-4066-964b-3e5122ccb2a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7649", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-1653\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.\n\ud83d\udccf Published: 2025-03-15T02:22:42.443Z\n\ud83d\udccf Modified: 2025-03-15T02:22:42.443Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve\n2. https://wordpress.org/plugins/ulisting/", "creation_timestamp": "2025-03-15T02:45:39.000000Z"}, {"uuid": "c8b08808-e90b-4842-b310-ebac3de271b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/13", "content": "Attackers with Subscriber-level access can abuse this flaw to modify their own privileges, such as updating their user role to \u201cadministrator.\u201d The vulnerability stems from inadequate capability checks and nonce validation, allowing low-privileged users to escalate permissions by crafting malicious requests to the vulnerable endpoint.", "creation_timestamp": "2025-03-28T23:40:21.000000Z"}, {"uuid": "7db43b38-4bbd-4623-a69c-f2a940608db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "seen", "source": "Telegram/KrqCsLQ5BQ1PINhjDK3MomCPp_jkQnftLaEgkj5VZWGBt0s", "content": "", "creation_timestamp": "2025-03-15T04:00:45.000000Z"}, {"uuid": "b6c84e22-7f09-4081-be79-96c72a9c2fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkfdkxjjh52x", "content": "", "creation_timestamp": "2025-03-15T04:56:48.924558Z"}, {"uuid": "270b36cf-c9d9-400f-9774-00309364230e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "published-proof-of-concept", "source": "Telegram/zXeR48AVl-g3-zFgg1o819hvSIyskZF2kKQNZdmMdcv74Y4", "content": "", "creation_timestamp": "2025-03-28T23:42:12.000000Z"}, {"uuid": "e08d748e-3748-4ee8-99cd-6a2b3d5bbd33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "published-proof-of-concept", "source": "https://t.me/cvexploit/31", "content": "Attackers with Subscriber-level access can abuse this flaw to modify their own privileges, such as updating their user role to \u201cadministrator.\u201d The vulnerability stems from inadequate capability checks and nonce validation, allowing low-privileged users to escalate permissions by crafting malicious requests to the vulnerable endpoint.", "creation_timestamp": "2025-03-28T23:42:10.000000Z"}, {"uuid": "3f4b3f4b-bec2-4262-8ef3-77c166141973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "seen", "source": "https://t.me/cvedetector/20347", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1653 - uListing WordPress Plugin Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-1653 \nPublished : March 15, 2025, 3:15 a.m. | 34\u00a0minutes ago \nDescription : The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T05:15:17.000000Z"}, {"uuid": "37d1fb6e-26b3-4dc8-907a-7d7f5cb8459a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "published-proof-of-concept", "source": "Telegram/yCF7WZfcWyZ_gFovIoZAzXPmTHFRJxtDYTgLS7FkwxiTPY0", "content": "", "creation_timestamp": "2025-03-29T04:00:06.000000Z"}, {"uuid": "85594d0f-d22e-4013-acd9-819c512be49c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "published-proof-of-concept", "source": "Telegram/KggYeN27jZ-a4rfgVHT2MGe0BAzOSuPW6YEwI7pxp7JEmks", "content": "", "creation_timestamp": "2025-03-29T08:00:08.000000Z"}, {"uuid": "443918c9-44e9-4fee-8811-86c283613376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-1653", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114164402333040053", "content": "", "creation_timestamp": "2025-03-15T03:48:54.220569Z"}]}