Classified Listing – Classified ads & Business Directory Plugin

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Basic Information

ID CVE-2025-7711

Source Wordfence

Published Nov 17, 2025 at 22:27

Affected Product

Vendor techlabpro1

Product Classified Listing – AI-Powered Classified ads & Business Directory Plugin

Version *

Affected Versions techlabpro1 Classified Listing – AI-Powered Classified ads & Business Directory Plugin *

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "The The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.",
    "published": "2025-11-17T22:27:44.762Z",
    "modified": "2025-11-17T22:27:44.762Z",
    "type": "cve",
    "title": "Classified Listing \u2013 Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9b10db9-0c7c-4f13-9d98-6d407446cfb8?source=cve\nhttps://plugins.trac.wordpress.org/browser/classified-listing/tags/5.0.2/app/Controllers/Hooks/FilterHooks.php#L367",
    "id": "CVE-2025-7711",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "techlabpro1 Classified Listing \u2013 AI-Powered Classified ads & Business Directory Plugin *",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Classified Listing \u2013 AI-Powered Classified ads & Business Directory Plugin",
    "version": "*",
    "vendor": "techlabpro1",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description_CVE-2025-7711