CVE Catalog
CVE-2026-57355
MediumCVSS 6.5Summary
The Classified Listing plugin for WordPress versions 5.4.2 and earlier contains a broken access control vulnerability exploitable by subscribers. This allows users with the subscriber role to perform unauthorized actions.
Risk Assessment
The risk is that subscribers may gain unauthorized access to administrative functions or data, potentially leading to privilege escalation and compromise of site integrity.
Recommendation
It is recommended to immediately update the Classified Listing plugin to the latest available version that fixes this vulnerability. Also review user permissions and restrict subscriber roles to the minimum necessary.
Original NVD description (English source)
Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions.

