CVE-2024-7888

Name of the Vulnerable Software and Affected Versions The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress versions up to, and including, 3.1.7

Description The issue is related to unauthorized access due to a missing capability check on several functions, including export forms(), import forms(), and update fb options(). This allows authenticated attackers with subscriber-level access and above to modify forms and various other settings.

Recommendations For versions up to, and including, 3.1.7, consider disabling the export forms(), import forms(), and update fb options() functions as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.