Description
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
Published: 2026-07-02
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated Cross Site Scripting flaw in the RadiusTheme Classified Listing WordPress plugin, versions 5.4.2 and earlier. Input supplied by a visitor can be injected into the site’s output as malicious script, allowing an attacker to execute script in a victim’s browser. This can lead to session hijacking, defacement, or the exfiltration of sensitive data. The flaw is classified as CWE-79.

Affected Systems

WordPress sites that have installed the RadiusTheme Classified Listing plugin version 5.4.2 or any earlier release are affected. The issue is limited to that plugin; other WordPress components are not implicated.

Risk and Exploitability

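The CVSS 3.1 base score of 7.1 is rated High. The vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) describes a network-reachable, low-complexity attack that needs no privileges but does need user interaction, with a changed scope and low impact on each of confidentiality, integrity, and availability. Because the flaw is unauthenticated, any visitor can exploit it, making the attack vector likely to be a simple crafted URL or form submission. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, so current exploitation data is limited, but the potential for widespread impact remains high.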

Generated by OpenCVE AI on July 2, 2026 at 15:21 UTC.

Remediation

Vendor Solution

Update the WordPress Classified Listing Plugin to the latest available version (at least 5.4.3).


OpenCVE Recommended Actions

  • Update the WordPress Classified Listing Plugin to version 5.4.3 or later, which removes the XSS flaw.
  • Clear or refresh the WordPress site’s cache so that no cached pages containing injected content are served to visitors.
  • Once the update is applied, verify that no unescaped user input from the plugin is rendered in the browser.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 16:30:00 +0000

Values Removed: none
Values Added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 13:00:00 +0000

Values Removed: none
Values Added:
  • First Time appeared: Radiustheme; Radiustheme classified Listing; Wordpress; Wordpress wordpress
  • Vendors & Products: Radiustheme; Radiustheme classified Listing; Wordpress; Wordpress wordpress

Thu, 02 Jul 2026 11:30:00 +0000

Values Removed: none
Values Added:
  • Description: Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
  • Title: WordPress Classified Listing plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability
  • Weaknesses: CWE-79
  • References
  • Metrics (cvssV3_1): {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T15:53:33.162Z

Reserved: 2026-06-24T12:45:24.971Z

Link: CVE-2026-57344

Vulnrichment

Updated: 2026-07-02T13:33:38.052Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T15:30:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')