cleantalk
Vulnerabilities and Security Researches

Classified Listing – Classified ads & Business Directory Plugin, CVE-2025-12953

CVE, Research URL

CVE-2025-12953

Home page URL

Security reports for Classified Listing – Classified ads & Business Directory Plugin

Application

Classified Listing – Classified ads & Business Directory Plugin

Published on
Nov 11, 2025
Research Description
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "rtcl_ajax_add_listing_type", "rtcl_ajax_update_listing_type", and "rtcl_ajax_delete_listing_type" function in all versions up to, and including, 5.2.0. This makes it possible for authenticated attackers, with subscriber level access and above, to add, update, or delete listing types.
Affected versions
max 5.2.1.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
New vulnerability
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-63044) , Dec 11, 2025
CSS3 Buttons (CVE-2025-13907) , Dec 11, 2025
Booster for WooCommerce (CVE-2025-64380) , Dec 11, 2025
Booster for WooCommerce (CVE-2025-64379) , Dec 11, 2025
Custom Sidebars by ProteusThemes (CVE-2025-62733) , Dec 11, 2025