Vulnerabilities and security researches foradvanced-classifieds-and-directory-pro advanced-classifieds-and-directory-pro

Jun 06, 2024

CVE, Research URL: 870611d9b23911eccb2d3ab769dfab800febf8c2
Home page URL: Security reports for Advanced Classifieds & Directory Pro
Application: Advanced Classifieds & Directory Pro
Date: Feb 28, 2022
Research Description: Advanced Classifieds & Directory Pro [advanced-classifieds-and-directory-pro] < 2.1.2 (closed) WordPress Advanced Classifieds & Directory Pro plugin < 1.8.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Advanced Classifieds & Directory Pro plugin (versions < 1.8.8).
Affected versions: max 2.1.2.
Status: vulnerable

CVE, Research URL: CVE-2024-2222
Home page URL: Security reports for Advanced Classifieds & Directory Pro
Application: Advanced Classifieds & Directory Pro
Date: Apr 10, 2024
Research Description: The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.
Affected versions: max 3.1.2.
Status: vulnerable

Jul 08, 2024

CVE, Research URL: CVE-2024-37501
Home page URL: Security reports for Advanced Classifieds & Directory Pro
Application: Advanced Classifieds & Directory Pro
Date: Jul 09, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal.This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3.
Affected versions: max 3.2.1.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Advanced Classifieds & Directory Pro
Application: Advanced Classifieds & Directory Pro
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.8.8.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-68580
Home page URL: Security reports for Advanced Classifieds & Directory Pro
Application: Advanced Classifieds & Directory Pro
Date: Dec 24, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9.
Affected versions: max 3.2.9.
Status: vulnerable