What the vulnerability does
01Description
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
What the vulnerability does
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
Explanation of Vulnerability in Simple Terms
Classified Listing through version 5.3.9 fails to properly check user permissions before allowing access to sensitive operations. An authenticated user with low privileges can read, modify, or delete data they should not have access to. The vulnerability affects confidentiality, integrity, and availability of site data.
What an attacker can do
Read, modify, or delete listings and data they should not have access to.
Potential impact on your site
Unauthorized users can access, change, or remove classified listings and associated data.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources
Related vulnerabilities