CVE-2025-12833

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-12833
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12833.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-12833
Published
2025-11-12T05:15:41.940Z
Modified
2026-04-02T12:33:26.588417Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, to attach arbitrary image files to arbitrary places.

References

Affected packages

Git / github.com/ayecode/geodirectory

Affected ranges

Type
GIT
Repo
https://github.com/ayecode/geodirectory
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
db655b04be32a160c0abf73217faf0a50585aa92

Affected versions

1.*
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.6
1.2.7
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.8
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.21
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
2.*
2.0.0.0-beta
2.0.0.0-dev
2.0.0.0-rc
2.0.0.1-beta
2.0.0.1-dev
2.0.0.10-beta
2.0.0.100
2.0.0.101
2.0.0.11-beta
2.0.0.12-beta
2.0.0.13-beta
2.0.0.14-beta
2.0.0.15-rc
2.0.0.16-rc
2.0.0.17
2.0.0.18
2.0.0.19
2.0.0.2-beta
2.0.0.2-dev
2.0.0.20
2.0.0.21
2.0.0.22
2.0.0.23
2.0.0.24
2.0.0.25
2.0.0.26
2.0.0.27
2.0.0.28
2.0.0.29
2.0.0.3-beta
2.0.0.30
2.0.0.31
2.0.0.32
2.0.0.33
2.0.0.34
2.0.0.35
2.0.0.36
2.0.0.37
2.0.0.38
2.0.0.39
2.0.0.4-beta
2.0.0.40
2.0.0.41
2.0.0.42
2.0.0.43
2.0.0.44
2.0.0.45
2.0.0.46
2.0.0.47
2.0.0.48
2.0.0.49
2.0.0.5-beta
2.0.0.50
2.0.0.51
2.0.0.52
2.0.0.53
2.0.0.54
2.0.0.55
2.0.0.56
2.0.0.57
2.0.0.58
2.0.0.59
2.0.0.6-beta
2.0.0.60
2.0.0.61
2.0.0.62
2.0.0.63
2.0.0.64
2.0.0.65
2.0.0.66
2.0.0.67
2.0.0.68
2.0.0.69
2.0.0.7-beta
2.0.0.70
2.0.0.71
2.0.0.72
2.0.0.73
2.0.0.74
2.0.0.75
2.0.0.76
2.0.0.77
2.0.0.78
2.0.0.79
2.0.0.8-beta
2.0.0.80
2.0.0.81
2.0.0.82
2.0.0.83
2.0.0.84
2.0.0.85
2.0.0.86
2.0.0.87
2.0.0.88
2.0.0.89
2.0.0.9-beta
2.0.0.90
2.0.0.91
2.0.0.92
2.0.0.93
2.0.0.94
2.0.0.95
2.0.0.96
2.0.0.97
2.0.0.98
2.0.0.99
2.0.69
2.1.0.0
2.1.0.1
2.1.0.10
2.1.0.11
2.1.0.12
2.1.0.13
2.1.0.14
2.1.0.15
2.1.0.16
2.1.0.17
2.1.0.18
2.1.0.19
2.1.0.2
2.1.0.20
2.1.0.3
2.1.0.4
2.1.0.5
2.1.0.6
2.1.0.7
2.1.0.8
2.1.0.9
2.1.1.0
2.1.1.1
2.1.1.10
2.1.1.11
2.1.1.12
2.1.1.13
2.1.1.2
2.1.1.3
2.1.1.4
2.1.1.5
2.1.1.6
2.1.1.7
2.1.1.8
2.1.1.9
2.2
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21
2.2.22
2.2.23
2.2.24
2.2.25
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.17
2.3.18
2.3.19
2.3.2
2.3.20
2.3.21
2.3.22
2.3.23
2.3.24
2.3.25
2.3.26
2.3.27
2.3.28
2.3.29
2.3.3
2.3.30
2.3.31
2.3.32
2.3.33
2.3.34
2.3.35
2.3.36
2.3.37
2.3.38
2.3.39
2.3.4
2.3.40
2.3.41
2.3.42
2.3.43
2.3.44
2.3.45
2.3.46
2.3.47
2.3.48
2.3.49
2.3.5
2.3.50
2.3.51
2.3.52
2.3.53
2.3.54
2.3.55
2.3.56
2.3.57
2.3.58
2.3.59
2.3.6
2.3.60
2.3.61
2.3.62
2.3.63
2.3.64
2.3.65
2.3.66
2.3.67
2.3.68
2.3.7
2.3.70
2.3.71
2.3.72
2.3.73
2.3.74
2.3.75
2.3.76
2.3.77
2.3.78
2.3.79
2.3.8
2.3.80
2.3.81
2.3.82
2.3.83
2.3.84
2.3.85
2.3.86
2.3.87
2.3.88
2.3.89
2.3.9
2.3.90
2.8.100
2.8.101
2.8.102
2.8.103
2.8.104
2.8.105
2.8.106
2.8.107
2.8.108
2.8.109
2.8.110
2.8.111
2.8.112
2.8.113
2.8.114
2.8.115
2.8.116
2.8.117
2.8.118
2.8.119
2.8.120
2.8.121
2.8.122
2.8.123
2.8.124
2.8.125
2.8.126
2.8.127
2.8.128
2.8.129
2.8.130
2.8.131
2.8.132
2.8.133
2.8.134
2.8.135
2.8.136
2.8.137
2.8.138
2.8.139
2.8.88
2.8.89
2.8.91
2.8.92
2.8.93
2.8.94
2.8.95
2.8.96
2.8.97
2.8.98
2.8.99

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12833.json"