Classified Listing Plugin
Approved changes feed: RSS · Atom
cpe:2.3:a:techlabpro1:classified_listing_plugin:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Techlabpro1 (2cc459d3-827c-5e13-b7d9-c0144235c053) |
|---|---|
| Product | Classified Listing Plugin (d5b51290-5c36-5622-90e5-3dab47720f5e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-3893 |
vulnerable | 2026-06-08 06:43:51.763114 |
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
MEDIUM (4.3)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.
Published: 2024-04-25T07:33:59.902Z
Updated: 2026-04-08T17:30:17.705Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1352 |
vulnerable | 2026-06-08 06:25:39.875441 |
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization
MEDIUM (6.5)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
Published: 2024-04-09T18:59:33.826Z
Updated: 2026-04-08T17:33:25.030Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11194 |
vulnerable | 2026-06-08 06:23:49.036113 |
Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update
HIGH (8.8)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.
Published: 2024-11-19T11:32:12.120Z
Updated: 2026-04-08T16:36:42.302Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.