What the vulnerability does
Description
Broken access control in Classified Listing versions <= 5.4.2, exploitable by a subscriber-level user.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
Classified Listing through version 5.4.2 fails to properly check user permissions before allowing modifications to listings. A logged-in user with low privileges can alter or delete listings they should not have access to. The vulnerability does not expose sensitive data or crash the site, but allows unauthorized changes to content.
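The missing check described above, as an added WordPress (PHP) example that is not the plugin's own code: a handler that trusts any logged-in user, next to one that authorizes the request against the specific listing. The page does not name the affected code path, so the AJAX action, the `example_` functions and the `example_listing` post type are hypothetical.

```php
<?php
// Added illustration. Everything prefixed example_/EXAMPLE_ is hypothetical
// and does not come from the Classified Listing code base.
const EXAMPLE_LISTING_POST_TYPE = 'example_listing'; // placeholder post type

// Weak pattern: being logged in is treated as being authorized, so the
// listing ID in the request is never tied to the user who sent it.
function example_delete_listing_weak() {
    $listing_id = absint( $_POST['listing_id'] ?? 0 );
    wp_trash_post( $listing_id ); // no ownership or capability check
    wp_send_json_success();
}

// Hardened pattern: nonce, object validation, then per-object authorization.
function example_delete_listing_hardened() {
    // 1. Reject requests that do not carry a valid nonce (dies on failure).
    check_ajax_referer( 'example_delete_listing', 'nonce' );

    // 2. The ID must resolve to an existing listing, not an arbitrary post.
    $listing_id = absint( $_POST['listing_id'] ?? 0 );
    $listing    = $listing_id ? get_post( $listing_id ) : null;
    if ( ! $listing || EXAMPLE_LISTING_POST_TYPE !== $listing->post_type ) {
        wp_send_json_error( array( 'message' => 'Listing not found.' ), 404 );
    }

    // 3. Authorize against this object: the caller is either its author or
    //    holds the mapped capability to delete this particular post.
    $is_owner  = (int) $listing->post_author === get_current_user_id();
    $has_right = current_user_can( 'delete_post', $listing_id );
    if ( ! $is_owner && ! $has_right ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    wp_trash_post( $listing_id );
    wp_send_json_success();
}

// wp_ajax_{action} hooks run for every logged-in role, subscribers included,
// which is why the handler itself has to perform the authorization.
add_action( 'wp_ajax_example_delete_listing', 'example_delete_listing_hardened' );
```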
What an attacker can do
Modify or delete listings belonging to other users without permission.
Potential impact on your site
Users' listings can be altered or removed by other site members, damaging trust and data integrity.
Conditions required to exploit
Attacker must have a low-privilege account on the site (e.g., subscriber or contributor role).