WordPress Plugin Vulnerabilities

Classified Listing – AI-Powered Classified ads & Business Directory Plugin < 5.3.5 - Authenticated (Subscriber+) Sensitive Data Exposure

Description

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
classified-listing
Fixed in 5.3.5

References

CVE
CVE-2026-23546
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/abebfbc4-37ed-44d5-a35d-d6ad87346f3a

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
daroo
Verified
No
WPVDB ID
cd8525f2-2172-4a6b-8648-21ecf42e63be

Timeline

Publicly Published
2026-02-23 (about 2 months ago)
Added
2026-03-05 (about 2 months ago)
Last Updated
2026-03-05 (about 2 months ago)

Other

Published
Title
Published
2024-07-13
Title
UsersWP < 1.2.12 - Users Information Disclosure
Published
2021-09-22
Title
Ninja Forms < 3.5.8 - Unprotected REST-API to Sensitive Information Disclosure
Published
2024-06-20
Title
WP 2FA < 2.6.4 - Unauthenticated Information Exposure via Log File
Published
2023-12-28
Title
WP Stripe Checkout < 1.2.2.38 - Sensitive Information Exposure via Debug Log
Published
2024-03-07
Title
Simple Restrict < 1.2.7 - Missing Authorization to Sensitive Information Exposure