PT-2025-37159 · WordPress · Ultimate Classified Listings
Gilang · Published 2025-09-11 · Updated 2025-09-16 · CVE-2025-9874
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
The Ultimate Classified Listings plugin for WordPress versions up to and including 1.6
Description
The Ultimate Classified Listings plugin for WordPress is susceptible to Local File Inclusion via the uclwp dashboard shortcode. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary .php files on the server. This allows for the execution of PHP code within those files, potentially bypassing access controls and obtaining sensitive data.
Recommendations
Update the Ultimate Classified Listings plugin to a version later than 1.6.
Fix
Affected Products
Ultimate Classified Listings