CVE-2025-12953 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering

🗓️ 11 Nov 2025 11:03:45Reported by WordfenceType

CVE-2025-12953: Subscribers can modify listing types due to missing checks in Classified Listing plugin <=5.2.0.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-12953	11 Nov 202512:04	–	circl
CNNVD	WordPress plugin Classified Listing – AI-Powered Classified ads & Business Directory Plugin 安全漏洞	11 Nov 202500:00	–	cnnvd
CVE	CVE-2025-12953	11 Nov 202511:03	–	cve
EUVD	EUVD-2025-84361	11 Nov 202512:30	–	euvd
NVD	CVE-2025-12953	11 Nov 202511:15	–	nvd
Patchstack	WordPress Classified Listing plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering vulnerability	11 Nov 202501:25	–	patchstack
Positive Technologies	PT-2025-46325	11 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12953	12 Nov 202512:06	–	redhatcve
Vulnrichment	CVE-2025-12953 Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering	11 Nov 202511:03	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025)	20 Nov 202516:10	–	wordfence

[
  {
    "vendor": "techlabpro1",
    "product": "Classified Listing – AI-Powered Classified ads & Business Directory Plugin",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "5.2.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3389342/classified-listing/trunk/app/Controllers/Ajax/AjaxListingType.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/811f147e-5829-4f7e-91d8-9dba780950d5

08 Apr 2026 17:03Current

CVSS 3.14.3

EPSS0.00194

CWE-862