CVE-2026-7563

216.73.217.22

· Published 15/05/2026 09:16 · Modified 15/05/2026 14:09

Labels: CVE-2026-7563 2026-05-15 CVE-2026-7563 CWE-862 [email protected]

Essential information

Published: 15/05/2026 09:16
Modified: 15/05/2026 14:09
Author: —
Creator: —
CVSS: 4.3 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to add arbitrary notes to any order and trigger unsolicited notification and moderation emails to listing owners without administrative authorization.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
wordpress / classified listing plugin	`cpe:2.3:a:wordpress:classified_listing_plugin::::::wordpress::*`
wordpress / classified listing plugin	`cpe:2.3:a:wordpress:classified_listing_plugin:<5.3.10:::::wordpress::`