CVE-2025-1063 in Classified Listing Plugin

Summary

by MITRE • 02/25/2025

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens.


Analysis

by VulDB Data Team • 02/25/2025

The Classified Listing plugin for WordPress exposes sensitive configuration data to unauthenticated attackers through its rtcl_taxonomy_settings_export function. The flaw affects all versions up to and including 4.0.4, so any WordPress site that relies on the plugin for classified advertisements or a business directory and has not updated is exposed. The root cause is a missing access-control check in the plugin's export functionality: the function does not confirm that the requester is logged in, let alone that it holds an administrative capability, before returning configuration data that should be visible only to administrators.

The vulnerable code path is the rtcl_taxonomy_settings_export function, which performs no authentication or authorization check before serving the export. Any remote client can send a request to the export endpoint and receive the plugin's configuration, which the advisory states includes API keys, tokens and other settings an attacker can use for further exploitation. This is an access-control defect (a missing capability check and, in the usual WordPress pattern, a missing nonce check), not an input-validation bug: the request need not be malformed in any way, it simply has to be sent. It is a clear violation of the principle of least privilege.
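As an added illustration (not the plugin's own code, which the advisory does not reproduce): a WordPress AJAX export handler written with the defect the advisory describes, next to a hardened version. The hook name, callback names, option name and nonce action below are assumptions chosen for the example; the advisory only names the function rtcl_taxonomy_settings_export and does not say how the plugin registers or routes it.

```php
<?php
// Added illustration, not the plugin's code. Hook, callback, option and
// nonce names are assumptions for the example.

// --- Vulnerable pattern --------------------------------------------------
// Registering the callback under wp_ajax_nopriv_* makes it reachable by
// visitors who are not logged in, and the callback itself checks nothing.
add_action( 'wp_ajax_example_taxonomy_settings_export',        'example_settings_export_vulnerable' );
add_action( 'wp_ajax_nopriv_example_taxonomy_settings_export', 'example_settings_export_vulnerable' );

function example_settings_export_vulnerable() {
    // Assumed option name holding the plugin's settings.
    $settings = get_option( 'example_listing_settings', array() );
    // The whole settings array, including any stored API keys or tokens,
    // goes straight back to whoever sent the request.
    wp_send_json( $settings );
}

// --- Hardened pattern ----------------------------------------------------
// Logged-in users only (no nopriv hook), a capability check, and a nonce
// that only the plugin's own admin page can issue.
add_action( 'wp_ajax_example_taxonomy_settings_export', 'example_settings_export_hardened' );

function example_settings_export_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() calls wp_die() after sending the response.
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }
    // Dies with a 403 if the nonce is missing or invalid.
    check_ajax_referer( 'example_settings_export', 'nonce' );

    $settings = get_option( 'example_listing_settings', array() );

    // Defence in depth: never ship secrets in an export, even to an admin.
    foreach ( array( 'api_key', 'api_secret', 'access_token' ) as $secret ) {
        unset( $settings[ $secret ] );
    }
    wp_send_json_success( $settings );
}

// The admin page that offers the export button must hand its script a
// matching nonce; this is where the nonce checked above comes from.
function example_settings_export_enqueue() {
    wp_enqueue_script( 'example-settings-export', plugins_url( 'export.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-settings-export', 'exampleExport', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_settings_export' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_settings_export_enqueue' );
```

The three changes address different attackers: dropping the wp_ajax_nopriv_ hook removes unauthenticated reach entirely, current_user_can() stops a logged-in subscriber from pulling the export, and check_ajax_referer() stops an administrator's browser from being tricked into triggering it cross-site. Stripping secrets from the export is defence in depth; it is the step that limits the damage if the access check is ever bypassed again.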

The impact goes beyond information disclosure. API keys and tokens recovered through this flaw may grant access to external services, payment gateways or other systems integrated with the site, so an attacker can use them to make unauthorized transactions, reach restricted functions or pivot to other infrastructure that trusts the same credentials. Sites that hold sensitive business-directory data are also exposed to customer-data and business-continuity risk.

Site owners running the plugin should update to a patched release (later than 4.0.4) immediately. The fix restores the missing access controls; no permission setting in wp-admin can substitute for it, because the vulnerable function never consulted user permissions in the first place. Because the exposed secrets may already have been read, treat every API key or token stored in the plugin's settings as compromised and rotate it at the issuing service after updating. Until the update is applied, block requests to the export endpoint at the web server or WAF, and review access logs for export requests from unauthenticated or unfamiliar clients. The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor); the credentials it leaks map to ATT&CK credential-access techniques and, depending on what those keys protect, to privilege escalation.

Responsible: Wordfence

Reservation: 02/05/2025

Disclosure: 02/25/2025

Moderation: accepted

CPE: ready

EPSS: 0.00328

KEV: no

Activities: very low

Sources
