2 matches found
WordPress Listar – Directory Listing & Classifieds WordPress Plugin plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Listar – Directory Listing & Classifieds versions = 3.0.0...
CVE-2025-12574
The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...