Clasifico Listing

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it possible for unauthenticated attackers to gain elevated privileges by registering an account with the administrator role.

AI Analysis

Unauthenticated privilege escalation vulnerability in Clasifico Listing plugin for WordPress, allowing attackers to gain elevated privileges by registering an account with the administrator role.

Basic Information

ID CVE-2025-12882

Source Wordfence

Published Feb 19, 2026 at 03:25

Affected Product

Vendor SmartDataSoft

Product Clasifico Listing

Version *

Affected Versions SmartDataSoft Clasifico Listing *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor SmartDataSoft

Product Clasifico Listing

Version 2.0

References

{
    "lastseen": "",
    "description": "The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it possible for unauthenticated attackers to gain elevated privileges by registering an account with the administrator role.",
    "published": "2026-02-19T03:25:15.804Z",
    "modified": "2026-02-19T03:25:15.804Z",
    "type": "cve",
    "title": "Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70fb90f0-1ca4-41fe-8638-cdd05747adae?source=cve\nhttps://themeforest.net/item/clasifico-classified-ads-wordpress-theme/33539482",
    "id": "CVE-2025-12882",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "SmartDataSoft Clasifico Listing *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Clasifico Listing",
    "version": "*",
    "vendor": "SmartDataSoft",
    "ai_description": "Unauthenticated privilege escalation vulnerability in Clasifico Listing plugin for WordPress, allowing attackers to gain elevated privileges by registering an account with the administrator role.",
    "ai_severity": "Critical",
    "ai_vendor": "SmartDataSoft",
    "ai_product": "Clasifico Listing",
    "ai_version": "2.0",
    "ai_score": 9.8
}

Clasifico Listing <= 2.0 - Unauthenticated Privilege Escalation_CVE-2025-12882