CVE Catalog

CVE-2026-57344

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The Classified Listing plugin for WordPress versions 5.4.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows an attacker to inject malicious JavaScript code without requiring authentication.

Risk Assessment

The risk includes potential session hijacking, redirection to malicious sites, or theft of sensitive data. The attack can affect all website visitors, including administrators.

Recommendation

Immediately update the Classified Listing plugin to the latest available version. If an update is not possible, consider temporarily disabling the plugin until a patch is released.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS