What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4.
Explanation of Vulnerability in Simple Terms
02Summary
Classified Listing versions up to 5.3.4 expose sensitive information to authenticated users. An attacker with a low-privilege account can read data they should not have access to. The vulnerability does not allow modification or deletion of data, only unauthorized viewing. Update to a version newer than 5.3.4.
What an attacker can do
03Attacker Capabilities
Read sensitive data belonging to other users or restricted areas of the site.
Potential impact on your site
04Site Impact
User data and private listings may be exposed to other registered users with basic accounts.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
06Disclosure timeline
March 5, 2026
CVE published
April 28, 2026
Record updated