Description

WordPress Plugin Advanced Classifieds & Directory Pro is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Advanced Classifieds & Directory Pro version 3.1.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.2.1 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-classifieds-and-directory-pro/advanced-classifieds-directory-pro-313-authenticated-contributor-local-file-inclusion

https://plugins.svn.wordpress.org/advanced-classifieds-and-directory-pro/trunk/README.txt

Related Vulnerabilities

WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Multiple Vulnerabilities (7.5.14)

WordPress Plugin Fetch Tweets Cross-Site Scripting (2.6.4)

WordPress Plugin WordPress Download Manager Multiple Vulnerabilities (2.8.7)

WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5)

Severity

High

Classification

CVE-2024-37501 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update File Inclusion