The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993 | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jun 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993 - Exploit, Third Party Advisory | |
| CWE |
27 Sep 2024, 12:41
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:radiustheme:classified_listing_pro_-_classified_ads_\&_business_directory:*:*:*:*:*:wordpress:*:* |
cpe:2.3:a:radiustheme:classified_listing:*:*:*:*:*:wordpress:*:* |
| First Time |
Radiustheme classified Listing
|
Information
Published : 2022-09-16 09:15
Updated : 2025-06-05 19:15
NVD link : CVE-2022-2654
Mitre link : CVE-2022-2654
JSON object : View
Products Affected
radiustheme
- classified_listing
- classima
- classima_core
- classified_listing_store_\&_membership
CWE
No CWE.