CVE-2025-10706

Name of the Vulnerable Software and Affected Versions Classified Pro versions up to and including 1.0.14

Description The Classified Pro theme for WordPress is susceptible to unauthorized plugin installation due to a missing capability check within the cwp addons update plugin cb function. This allows authenticated attackers with subscriber-level access or higher to install arbitrary plugins on the affected WordPress site. The installation of arbitrary plugins may lead to remote code execution. The required nonce for exploitation is found within the CubeWP Framework plugin.

Recommendations Update Classified Pro to a version newer than 1.0.14.