Classified Listing
Approved changes feed: RSS · Atom
cpe:2.3:a:radiustheme:classified_listing:*:*:*:*:-:wordpress:*:*
part: a version: * update: *
| Vendor | Radiustheme (0725c1b0-e09b-5bd8-8b3b-7e2c6e70aedf) |
|---|---|
| Product | Classified Listing (219bf1e5-c10c-5978-8ef8-f7b1d82c4cbd) |
| Edition | * |
| Language | * |
| Software edition | - |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-1063 |
vulnerable | 2026-06-03 14:58:57.661391 |
Classified Listing – Classified ads & Business Directory Plugin <= 4.0.4 - Unauthenticated Settings Exposure
MEDIUM (5.3)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens.
Published: 2025-02-25T06:58:31.877Z
Updated: 2026-04-08T17:30:16.994Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3893 |
vulnerable | 2026-06-03 14:56:32.299172 |
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
MEDIUM (4.3)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.
Published: 2024-04-25T07:33:59.902Z
Updated: 2026-04-08T17:30:17.705Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1352 |
vulnerable | 2026-06-03 14:54:26.748588 |
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization
MEDIUM (6.5)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
Published: 2024-04-09T18:59:33.826Z
Updated: 2026-04-08T17:33:25.030Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1315 |
vulnerable | 2026-06-03 14:54:26.677393 |
Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account
HIGH (8.8)
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.
Published: 2024-04-09T18:58:48.332Z
Updated: 2026-04-08T16:53:17.072Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.