GCVE - cpe:2.3:a:radiustheme:classified_listing:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:radiustheme:classified_listing:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Radiustheme (`0725c1b0-e09b-5bd8-8b3b-7e2c6e70aedf`)
Product	Classified Listing (`219bf1e5-c10c-5978-8ef8-f7b1d82c4cbd`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-7888`	vulnerable	2026-06-03 14:58:07.550866	Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization MEDIUM (6.3) The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings. Published: 2024-09-13T06:47:26.961Z Updated: 2026-04-08T16:50:27.216Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/494d2e69-0759-419a-a603-e8870c157e49?source=cve https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.1.6/app/Controllers/Ajax/FormBuilderAdminAjax.php https://plugins.trac.wordpress.org/changeset/3150743/classified-listing/trunk/app/Controllers/Ajax/FormBuilderAdminAjax.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-37387`	vulnerable	2026-06-03 14:52:28.800373	WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (5.4) Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. Published: 2023-07-18T12:14:15.680Z Updated: 2026-04-28T16:08:32.096Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/classified-listing/wordpress-classified-listing-plugin-2-4-5-cross-site-request-forgery-csrf-leading-to-thumbnail-removal-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2655`	vulnerable	2026-06-03 14:47:06.853348	Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting Published: 2022-09-16T08:40:31.000Z Updated: 2024-08-03T00:46:03.372Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2654`	vulnerable	2026-06-03 14:47:06.849809	Classima < 2.1.11 - Reflected Cross-Site Scripting The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting Published: 2022-09-16T08:40:31.000Z Updated: 2025-06-05T18:18:42.406Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Classified Listing

PURL mappings

Vulnerability references

Contribute