CVE-2025-32249: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in designinvento DirectoryPress, affecting versions through 3.6.19. The vulnerability was disclosed on April 4, 2025, and has been assigned identifier CVE-2025-32249. The affected software is the DirectoryPress WordPress plugin, which provides business directory and classified ad listing functionality (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The issue has been classified as CWE-352 (Cross-Site Request Forgery). The vulnerability requires user interaction but can be exploited without authentication (NVD, Patchstack).

This vulnerability could allow an attacker to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low to medium, with potential impacts on integrity and availability of the affected system (Patchstack).

At the time of disclosure, no official fix was available for this vulnerability. Users of affected versions (through 3.6.19) should monitor for updates and implement general CSRF protection measures (Patchstack).