Filtered by vendor Cridio Studio
Subscriptions
Filtered by product Classifiedpro
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10706 | 2 Cridio Studio, Wordpress | 2 Classifiedpro, Wordpress | 2025-10-21 | 8.8 High |
| The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible. Note: The required nonce for the vulnerability is in the CubeWP Framework plugin. | ||||
Page 1 of 1.