Primary

Context

Ultimate Classified Listings WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Ultimate Classified Listings WordPress plugin, all versions through 1.6, allowing authenticated users with Subscriber-level access and above to unauthorizedly modify plugin custom fields. This issue arises from a lack of proper capability checks in the save_custom_fields function, enabling these users to alter data that they should not have permission to change.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in plugin custom fields, potentially allowing for manipulation of listing data or other related information.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Sep 11, 2025, 8:32 AM

Updated: Sep 11, 2025, 8:32 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

6.1

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

6.1

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ultimate Classified Listings WordPress Plugin Missing Authorization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ultimate Classified Listings

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating