What is GHSA-wh75-4gj8-68pm?

GHSA-wh75-4gj8-68pm is a security advisory published by GitHub Security Advisories with Medium severity. The Classified Listing – AI-Powered Classified ads \u0026 Business Directory Plugin plugin for...

Which CVE IDs does GHSA-wh75-4gj8-68pm cover?

GHSA-wh75-4gj8-68pm covers the following CVE IDs: CVE-2026-7563. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-wh75-4gj8-68pm?

GHSA-wh75-4gj8-68pm has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-wh75-4gj8-68pmMediumCVSS 4.3

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-7563 →

📋 Description

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to add arbitrary notes to any order and trigger unsolicited notification and moderation emails to listing owners without administrative authorization.

🔗 References (16)

https://nvd.nist.gov/vuln/detail/CVE-2026-7563
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.10/app/Controllers/Admin/ScriptLoader.php#L672
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.10/app/Controllers/Ajax/ListingAdminAjax.php#L48
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.10/app/Controllers/Hooks/Comments.php#L51
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.10/app/Controllers/Hooks/Comments.php#L63
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.7/app/Controllers/Admin/ScriptLoader.php#L672
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.7/app/Controllers/Ajax/ListingAdminAjax.php#L48
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.7/app/Controllers/Hooks/Comments.php#L51
https://plugins.trac.wordpress.org/browser/classified-listing/tags/5.3.7/app/Controllers/Hooks/Comments.php#L63
https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Admin/ScriptLoader.php#L672
https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Ajax/ListingAdminAjax.php#L48
https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Hooks/Comments.php#L51
https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Hooks/Comments.php#L63
https://plugins.trac.wordpress.org/changeset/3527717
https://www.wordfence.com/threat-intel/vulnerabilities/id/07cb3d57-d768-49a5-8af0-9dc4384487d5?source=cve
https://github.com/advisories/GHSA-wh75-4gj8-68pm