Primary

Context

WordPress Classified Listing Plugin Code Injection Vulnerability

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability allowing code injection has been identified in the WordPress Classified Listing plugin, affecting versions through 5.0.0. This vulnerability arises from improper handling of script-related HTML tags, which could enable a malicious actor to inject content into the website's pages or posts. Such an injection could be exploited to introduce phishing pages or other harmful content.

Impact

Exploitation of this vulnerability could lead to unauthorized content injection, allowing for the insertion of malicious or deceptive material into the affected website's pages or posts.

Remediation

Users of the WordPress Classified Listing plugin should update to version 5.0.1 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.

Added: Aug 14, 2025, 11:42 AM

Updated: Aug 14, 2025, 11:42 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

5.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

5.4

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Classified Listing Plugin Code Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

RadiusTheme Classified Listing

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating