Product:

Classified_listing

(Radiustheme)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 5
Date Id Summary Products Score Patch Annotated
2022-09-16 CVE-2022-2654 The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting Classified_listing, Classified_listing_store_\&_membership, Classima, Classima_core 6.1
2024-04-09 CVE-2024-1315 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtcl_update_user_account' function. This makes it possible for unauthenticated attackers to change the administrator user's password and email address via a forged request granted they can trick a site administrator into performing an action such as... Classified_listing N/A
2024-04-09 CVE-2024-1352 The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. Classified_listing 5.3
2022-09-16 CVE-2022-2655 The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting Classified_listing 6.1
2023-07-18 CVE-2023-37387 Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. Classified_listing 8.8