WordPress Plugin Vulnerabilities

Classified Listing – Classified ads & Business Directory Plugin < 3.1.16 - Authenticated (Subscriber+) Limited Arbitrary Option Update

Description

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.

Affects Plugins

Plugin icon
classified-listing
Fixed in 3.1.16

References

CVE
CVE-2024-11194
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/13d9a59f-1a1a-4936-a5ab-8a5e0c50303b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Original Researcher
vgo0
Verified
No
WPVDB ID
f23f5e63-bb70-4d23-8fe9-99c18f9177d2

Timeline

Publicly Published
2024-11-18 (about 1 year ago)
Added
2024-11-18 (about 1 year ago)
Last Updated
2024-11-19 (about 1 year ago)

Other

Published
Title
Published
2022-02-15
Title
Relevanssi - Subscriber+ Unauthorised AJAX Calls
Published
2025-09-23
Title
MultiLoca < 4.2.9 - Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'
Published
2025-01-06
Title
Croma Music < 3.6.1 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax
Published
2023-12-26
Title
ProjectHuddle Client Site < 1.0.35 - Missing Authorization via ph_child_ajax_notice_handler
Published
2025-12-30
Title
Sunshine Photo Cart < 3.5.7.2 - Missing Authorization