CVE-2024-11194
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify certain WordPress options, potentially escalating their privileges to Administrator. Attackers can exploit this to gain full administrative control over vulnerable WordPress sites. All sites using the Classified Listing plugin version 3.1.15.1 or earlier are affected.
💻 Affected Systems
- Classified Listing – Classified ads & Business Directory Plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain Administrator access, install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
Attackers escalate privileges to Administrator and maintain persistent access to compromise the site and potentially other systems.
If Mitigated
Limited impact if proper access controls, monitoring, and least privilege principles are implemented.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Subscriber credentials. The vulnerability is publicly documented with code references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.1.15.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3189516/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Classified Listing' plugin. 4. Click 'Update Now' if available, or manually update to version 3.1.15.2+. 5. Verify update completes successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Classified Listing plugin until patched.
wp plugin deactivate classified-listing
Restrict user registration
allDisable new user registration to prevent attackers from creating Subscriber accounts.
Set WordPress Settings → General → Membership to 'Anyone can register' = OFF
🧯 If You Can't Patch
- Implement strict access controls and monitor all user accounts, especially those with Subscriber role.
- Use web application firewall (WAF) rules to block requests to the vulnerable 'rtcl_import_settings' function.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Classified Listing' version 3.1.15.1 or earlier.Check Version:
wp plugin get classified-listing --field=versionVerify Fix Applied:
Confirm plugin version is 3.1.15.2 or later in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=rtcl_import_settings
- User role changes from Subscriber to Administrator
- Suspicious option modifications in wp_options table
Network Indicators:
- HTTP requests containing 'rtcl_import_settings' parameter from non-admin users
SIEM Query:
source="wordpress.log" AND "rtcl_import_settings" AND user_role="subscriber"🔗 References
- https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.1.12/app/Controllers/Ajax/Import.php#L309
- https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.1.12/app/Controllers/Ajax/Import.php#L473
- https://plugins.trac.wordpress.org/changeset/3189516/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/13d9a59f-1a1a-4936-a5ab-8a5e0c50303b?source=cve
