Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total9
Critical0
High2
Medium7
Reset
Showing 1-9 of 9 records
Threat Entry Updated 2025-11-18

CVE-2025-7711 - Classified Listing Plugin

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

PLUGIN Classified Listing

CVE-2025-7711

MEDIUM CVSS 5.4 2025-11-17
Open Full Technical Breakdown
Threat Entry Updated 2025-02-28

CVE-2025-1063 - Classified Listing Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens.

PLUGIN Classified Listing

CVE-2025-1063

MEDIUM CVSS 5.3 2025-02-25
Open Full Technical Breakdown
Threat Entry Updated 2024-11-19

CVE-2024-11194 - Classified Listing Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in…

PLUGIN Classified Listing

CVE-2024-11194

HIGH CVSS 8.8 2024-11-19
Open Full Technical Breakdown
Threat Entry Updated 2025-11-06

CVE-2024-7888 - Classified Listing Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.

PLUGIN Classified Listing

CVE-2024-7888

MEDIUM CVSS 6.3 2024-09-13
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2024-3893 - Classified Listing Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.

PLUGIN Classified Listing

CVE-2024-3893

MEDIUM CVSS 5.3 2024-04-25
Open Full Technical Breakdown
Threat Entry Updated 2025-01-17

CVE-2024-1315 - Classified Listing Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting…

PLUGIN Classified Listing

CVE-2024-1315

HIGH CVSS 8.8 2024-04-09
Open Full Technical Breakdown
Threat Entry Updated 2025-01-17

CVE-2024-1352 - Classified Listing Plugin

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.

PLUGIN Classified Listing

CVE-2024-1352

MEDIUM CVSS 6.5 2024-04-09
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2655 - Classified Listing Plugin

The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

PLUGIN Classified Listing

CVE-2022-2655

MEDIUM CVSS 6.1 2022-09-16
Open Full Technical Breakdown
Threat Entry Updated 2025-06-05

CVE-2022-2654 - Classified Listing Plugin

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

PLUGIN Classified Listing

CVE-2022-2654

MEDIUM CVSS 6.1 2022-09-16
Open Full Technical Breakdown
Scroll to top