PT-2026-20588 · WordPress · Clasifico Listing
Alyudin Nafiie
·
Published
2026-02-19
·
Updated
2026-02-23
·
CVE-2025-12882
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Clasifico Listing plugin for WordPress versions prior to 2.1
Description
The Clasifico Listing plugin for WordPress allows users registering new accounts to set their own role using the
listing user role parameter. This can allow unauthenticated attackers to gain elevated privileges, including administrator access, by registering an account with a higher role.Recommendations
Update to version 2.1 or later.
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clasifico Listing