VYPR

Classified Listing

by WordPress

Source repositories

CVEs (19)

  • CVE-2025-12882CriFeb 19, 2026
    risk 0.64cvss 9.8epss 0.00

    The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it…

  • CVE-2024-1315HigApr 9, 2024
    risk 0.57cvss 8.8epss 0.00

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function.…

  • CVE-2024-11194HigNov 19, 2024
    risk 0.50cvss 8.8epss 0.01

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and…

  • CVE-2025-52715HigJun 20, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 4.2.0.

  • CVE-2026-42658HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.

  • CVE-2026-42640MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.

  • CVE-2026-42679MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8.

  • CVE-2024-1352MedApr 9, 2024
    risk 0.42cvss 6.5epss 0.01

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and…

  • CVE-2026-42651MedJun 15, 2026
    risk 0.41cvss 6.3epss 0.00

    Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.

  • CVE-2025-7711MedNov 17, 2025
    risk 0.35cvss 5.4epss 0.00

    The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly…

  • CVE-2024-52386MedNov 16, 2024
    risk 0.35cvss 5.3epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 3.1.16.

  • CVE-2025-58601MedSep 3, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6.

  • CVE-2026-7563MedMay 15, 2026
    risk 0.21cvss 4.3epss 0.00

    The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an…

  • CVE-2025-12953MedNov 11, 2025
    risk 0.21cvss 4.3epss 0.00

    The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtcl_ajax_add_listing_type", "rtcl_ajax_update_listing_type", and…

  • CVE-2024-3893MedApr 25, 2024
    risk 0.21cvss 4.3epss 0.00

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it…

  • CVE-2026-10779Jun 19, 2026
    risk 0.00cvss epss 0.00

    The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the gallery_image_update_as_feature AJAX handler…

  • CVE-2024-12725May 15, 2025
    risk 0.00cvss epss 0.00

    The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2023-37387Jul 18, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.

  • CVE-2022-2654Sep 16, 2022
    risk 0.00cvss epss 0.00

    The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it…