Vulnerabilities and security researches forclassified-listing classified-listing
Direction: descendingClassified Listing – Classified ads & Business Directory Plugin # CVE-2025-24745
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Apr 17, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing allows Reflected XSS. This issue affects Classified Listing: from n/a through 4.0.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2025-1063
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Feb 25, 2025
- Research Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-11194
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Nov 19, 2024
- Research Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-52386
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Nov 17, 2024
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through 3.1.15.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-7888
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Sep 13, 2024
- Research Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-3893
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Apr 25, 2024
- Research Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2022-2654
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Sep 16, 2022
- Research Description
- The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2023-37387
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Jul 18, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-1315
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Apr 10, 2024
- Research Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Classified Listing – Classified ads & Business Directory Plugin # CVE-2024-1352
- CVE, Research URL
- Home page URL
-
Security reports for Classified Listing – Classified ads & Business Directory Plugin
- Date
- Apr 10, 2024
- Research Description
- The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable