CVE Catalog

CVE-2026-57355

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The Classified Listing plugin for WordPress versions 5.4.2 and earlier contains a broken access control vulnerability exploitable by subscribers. This allows users with the subscriber role to perform unauthorized actions.

Risk Assessment

The risk is that subscribers may gain unauthorized access to administrative functions or data, potentially leading to privilege escalation and compromise of site integrity.

Recommendation

It is recommended to immediately update the Classified Listing plugin to the latest available version that fixes this vulnerability. Also review user permissions and restrict subscriber roles to the minimum necessary.

Original NVD description (English source)

Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS