Classified Listing – Classified ads & Business Directory Plugin < 3.1.8 – Missing Authorization | CVE 2024-7888 | Plugin Vulnerabilities

Description

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.

Affects Plugins

classified-listing

Fixed in 3.1.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/494d2e69-0759-419a-a603-e8870c157e49

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lucio Sá

Verified

No

WPVDB ID

b95852d8-1983-4da7-84cc-71f5da7c5f54

Timeline

Publicly Published

2024-09-12 (about 1 year ago)

Added

2024-09-12 (about 1 year ago)

Last Updated

2024-09-13 (about 1 year ago)

Other

Published

Title

Published

2026-04-23

Title

Metro Magazine < 1.4.2 - Missing Authorization

Published

2022-07-12

Title

Discy < 5.0 - Subscriber+ Broken Access Control to change settings

Published

2026-01-15

Title

Essential Addons for Elementor < 6.5.6 - Unauthenticated Sensitive Information Exposure

Published

2021-12-08

Title

WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update

Published

2023-09-05

Title

WP Directory Kit < 1.2.7 - Missing Authorization