Classified Listing
by WordPress
Source repositories
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12882 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it… | ||
| CVE-2024-1315 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2024 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function.… | ||
| CVE-2024-11194 | Hig | 0.50 | 8.8 | 0.01 | Nov 19, 2024 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and… | ||
| CVE-2025-52715 | Hig | 0.49 | 7.5 | 0.00 | Jun 20, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 4.2.0. | ||
| CVE-2026-42658 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions. | ||
| CVE-2026-42640 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions. | ||
| CVE-2026-42679 | Med | 0.42 | 6.5 | 0.00 | Jun 1, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8. | ||
| CVE-2024-1352 | Med | 0.42 | 6.5 | 0.01 | Apr 9, 2024 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and… | ||
| CVE-2026-42651 | Med | 0.41 | 6.3 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. | ||
| CVE-2025-7711 | Med | 0.35 | 5.4 | 0.00 | Nov 17, 2025 | The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly… | ||
| CVE-2024-52386 | Med | 0.35 | 5.3 | 0.00 | Nov 16, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 3.1.16. | ||
| CVE-2025-58601 | Med | 0.28 | 4.3 | 0.00 | Sep 3, 2025 | Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6. | ||
| CVE-2026-7563 | Med | 0.21 | 4.3 | 0.00 | May 15, 2026 | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an… | ||
| CVE-2025-12953 | Med | 0.21 | 4.3 | 0.00 | Nov 11, 2025 | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtcl_ajax_add_listing_type", "rtcl_ajax_update_listing_type", and… | ||
| CVE-2024-3893 | Med | 0.21 | 4.3 | 0.00 | Apr 25, 2024 | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it… | ||
| CVE-2026-10779 | 0.00 | — | 0.00 | Jun 19, 2026 | The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the gallery_image_update_as_feature AJAX handler… | |||
| CVE-2024-12725 | 0.00 | — | 0.00 | May 15, 2025 | The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||
| CVE-2023-37387 | 0.00 | — | 0.00 | Jul 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. | |||
| CVE-2022-2654 | 0.00 | — | 0.00 | Sep 16, 2022 | The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it… |
- risk 0.64cvss 9.8epss 0.00
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it…
- risk 0.57cvss 8.8epss 0.00
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function.…
- risk 0.50cvss 8.8epss 0.01
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and…
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 4.2.0.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
- risk 0.42cvss 6.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8.
- risk 0.42cvss 6.5epss 0.01
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and…
- risk 0.41cvss 6.3epss 0.00
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
- risk 0.35cvss 5.4epss 0.00
The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly…
- risk 0.35cvss 5.3epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 3.1.16.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6.
- risk 0.21cvss 4.3epss 0.00
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an…
- risk 0.21cvss 4.3epss 0.00
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtcl_ajax_add_listing_type", "rtcl_ajax_update_listing_type", and…
- risk 0.21cvss 4.3epss 0.00
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it…
- CVE-2026-10779Jun 19, 2026risk 0.00cvss —epss 0.00
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the gallery_image_update_as_feature AJAX handler…
- CVE-2024-12725May 15, 2025risk 0.00cvss —epss 0.00
The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- CVE-2023-37387Jul 18, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.
- CVE-2022-2654Sep 16, 2022risk 0.00cvss —epss 0.00
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it…