🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Classified Listing – Classified ads & Business Directory Plugin

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Classified Listing – Classified ads & Business Directory Plugin

Information

Software Type	Plugin
Software Slug	classified-listing (view on wordpress.org)
Software Status	Active
Software Author	techlabpro1
Software Website	radiustheme.com
Software Downloads	364,938
Software Active Installs	10,000
Software Record Last Updated	May 3, 2024

5 Vulnerabilities

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

5.3

CVE-2024-3893

Apr 24, 2024

Researcher: Lucio Sá

Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account

8.8

CVE-2024-1315

Apr 4, 2024

Researcher: Francesco Carlucci

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization

6.5

CVE-2024-1352

Apr 4, 2024

Researcher: Francesco Carlucci

Classified Listing <= 2.4.5 - Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete

4.3

CVE-2023-37387

Jul 5, 2023

Researcher: István Márton

Classima < 2.1.11 - Reflected Cross-Site Scripting

6.1

CVE-2022-2654

Aug 22, 2022

Researchers: Team ISH Tecnologia, Islan Ferreira

Title	CVE ID	CVSS	Researchers	Date
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion	CVE-2024-3893	5.3	Lucio Sá	April 24, 2024
Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account	CVE-2024-1315	8.8	Francesco Carlucci	April 4, 2024
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization	CVE-2024-1352	6.5	Francesco Carlucci	April 4, 2024
Classified Listing <= 2.4.5 - Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete	CVE-2023-37387	4.3	István Márton	July 5, 2023
Classima < 2.1.11 - Reflected Cross-Site Scripting	CVE-2022-2654	6.1	Team ISH Tecnologia, Islan Ferreira	August 22, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation