cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forclassified-listing classified-listing

Direction: ascending
Jun 07, 2024

Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-3893

CVE, Research URL

CVE-2024-3893

Home page URL

Security reports for Classified Listing – Classified ads & Business Directory Plugin

Application

Classified Listing – Classified ads & Business Directory Plugin

Date
Apr 25, 2024
Research Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.
Affected versions
max 3.0.11.
Status
vulnerable

Classified Listing – Classified ads & Business Directory Plugin # CVE-2022-2654

CVE, Research URL

CVE-2022-2654

Home page URL

Security reports for Classified Listing – Classified ads & Business Directory Plugin

Application

Classified Listing – Classified ads & Business Directory Plugin

Date
Sep 16, 2022
Research Description
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
Affected versions
max 2.2.14.
Status
vulnerable

Classified Listing – Classified ads & Business Directory Plugin # CVE-2023-37387

CVE, Research URL

CVE-2023-37387

Home page URL

Security reports for Classified Listing – Classified ads & Business Directory Plugin

Application

Classified Listing – Classified ads & Business Directory Plugin

Date
Jul 18, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.
Affected versions
max 2.4.6.
Status
vulnerable

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2024-1315

CVE, Research URL

CVE-2024-1315

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Apr 10, 2024
Research Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.
Affected versions
max 3.0.5.
Status
vulnerable

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2024-1352

CVE, Research URL

CVE-2024-1352

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Apr 10, 2024
Research Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
Affected versions
max 3.0.5.
Status
vulnerable
Sep 14, 2024

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2024-7888

CVE, Research URL

CVE-2024-7888

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Sep 13, 2024
Research Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.
Affected versions
max 3.1.8.
Status
vulnerable
Nov 15, 2024

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2024-52386

CVE, Research URL

CVE-2024-52386

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Nov 17, 2024
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through 3.1.15.1.
Affected versions
max 3.1.17.
Status
vulnerable
Nov 20, 2024

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2024-11194

CVE, Research URL

CVE-2024-11194

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Nov 19, 2024
Research Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.
Affected versions
max 3.1.16.
Status
vulnerable
Feb 26, 2025

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-1063

CVE, Research URL

CVE-2025-1063

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Feb 25, 2025
Research Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens.
Affected versions
max 4.0.5.
Status
vulnerable
Apr 19, 2025

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-24745

CVE, Research URL

CVE-2025-24745

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Apr 17, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing allows Reflected XSS. This issue affects Classified Listing: from n/a through 4.0.1.
Affected versions
max 4.0.2.
Status
vulnerable
Jul 01, 2025

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-52715

CVE, Research URL

CVE-2025-52715

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Jun 20, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 4.2.0.
Affected versions
max 4.2.1.
Status
vulnerable
Aug 06, 2025

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-54698

CVE, Research URL

CVE-2025-54698

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Aug 14, 2025
Research Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0.
Affected versions
max 5.0.1.
Status
vulnerable
Sep 05, 2025

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-58601

CVE, Research URL

CVE-2025-58601

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Sep 03, 2025
Research Description
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.
Affected versions
max 5.0.7.
Status
vulnerable
Dec 10, 2025

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-12953

CVE, Research URL

CVE-2025-12953

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Nov 11, 2025
Research Description
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtcl_ajax_add_listing_type", "rtcl_ajax_update_listing_type", and "rtcl_ajax_delete_listing_type" function in all versions up to, and including, 5.2.0. This makes it possible for authenticated attackers, with subscriber level access and above, to add, update, or delete listing types.
Affected versions
max 5.2.1.
Status
vulnerable
Mar 30, 2026

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2026-23546

CVE, Research URL

CVE-2026-23546

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Mar 05, 2026
Research Description
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4.
Affected versions
max 5.3.4.
Status
vulnerable
Apr 24, 2026

Classified Listing – Classified ads &amp; Business Directory Plugin # CVE-2025-7711

CVE, Research URL

CVE-2025-7711

Home page URL

Security reports for Classified Listing – Classified ads &amp; Business Directory Plugin

Application

Classified Listing – Classified ads &amp; Business Directory Plugin

Date
Nov 18, 2025
Research Description
The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions
max 5.0.4.
Status
vulnerable