CVE-2024-7888
📋 TL;DR
This vulnerability allows authenticated WordPress users with subscriber-level access or higher to modify forms and settings in the Classified Listing plugin due to missing capability checks. Attackers can export/import forms and change plugin configurations without proper authorization. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Classified Listing – Classified ads & Business Directory Plugin for WordPress
📦 What is this software?
Classified Listing by Radiustheme
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify form configurations to inject malicious code, steal user data submitted through forms, or completely compromise the plugin's functionality to serve malicious content.
Likely Case
Authenticated attackers modify form fields to collect sensitive information, alter business directory listings, or disrupt the classified ads functionality.
If Mitigated
With proper user role management and monitoring, impact is limited to unauthorized configuration changes that can be detected and reverted.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is in multiple AJAX endpoints that lack proper authorization checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.8 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3150743/classified-listing/trunk/app/Controllers/Ajax/FormBuilderAdminAjax.php
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Classified Listing' plugin.
4. Click 'Update Now' if update is available.
5. Alternatively, download version 3.1.8+ from WordPress.org and manually update.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Disable the vulnerable plugin until patched
wp plugin deactivate classified-listing
User Role Restriction
Temporarily restrict subscriber-level users from accessing the site
🧯 If You Can't Patch
- Implement strict user role management and monitor for suspicious activity
- Add web application firewall rules to block access to vulnerable AJAX endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Classified Listing version. If version is 3.1.7 or lower, you are vulnerable.
Check Version:
wp plugin get classified-listing --field=version
Verify Fix Applied:
Verify plugin version is 3.1.8 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual AJAX requests to /wp-admin/admin-ajax.php with action parameters like export_forms, import_forms, update_fb_options from non-admin users
- Multiple form configuration changes from subscriber-level accounts
Network Indicators:
- POST requests to admin-ajax.php with plugin-specific actions from unauthorized user roles
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php") AND (http_method="POST") AND (user_role="subscriber" OR user_role="contributor") AND (form_data.action CONTAINS "export_forms" OR form_data.action CONTAINS "import_forms" OR form_data.action CONTAINS "update_fb_options")
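As an added example that is not part of this advisory, the following Python script applies the log indicators above (the three action names and the non-administrator role check) to a constructed JSON-lines log; the field names (ts, method, path, user, role, body) and the sample entries are assumptions for illustration, not a real WordPress or web-server log format.

```python
"""Flag admin-ajax.php calls matching the CVE-2024-7888 log indicators."""
import json
from collections import Counter
from urllib.parse import parse_qs

# Action names quoted in the advisory's log indicators.
SUSPICIOUS_ACTIONS = {"export_forms", "import_forms", "update_fb_options"}
# Roles expected to manage plugin settings; any other role is flagged.
TRUSTED_ROLES = {"administrator"}

# Constructed sample log (one JSON object per line). The field names are an
# assumption for this example, not a real WordPress or web-server log format.
SAMPLE_LOG = """\
{"ts":"2024-08-20T10:01:02Z","method":"POST","path":"/wp-admin/admin-ajax.php","user":"alice","role":"subscriber","body":"action=export_forms&_wpnonce=abc"}
{"ts":"2024-08-20T10:01:09Z","method":"POST","path":"/wp-admin/admin-ajax.php","user":"alice","role":"subscriber","body":"action=update_fb_options&opt=1"}
{"ts":"2024-08-20T10:02:00Z","method":"POST","path":"/wp-admin/admin-ajax.php","user":"admin","role":"administrator","body":"action=import_forms"}
{"ts":"2024-08-20T10:03:00Z","method":"POST","path":"/wp-admin/admin-ajax.php","user":"bob","role":"contributor","body":"action=heartbeat"}
{"ts":"2024-08-20T10:04:00Z","method":"GET","path":"/wp-admin/admin-ajax.php?action=export_forms","user":"carol","role":"subscriber","body":""}
"""

def ajax_action(entry):
    """Return the 'action' parameter of an admin-ajax.php request (POST body
    first, then query string), or None for any other path."""
    path, _, query = entry["path"].partition("?")
    if path != "/wp-admin/admin-ajax.php":
        return None
    params = parse_qs(entry.get("body", "")) or parse_qs(query)
    return (params.get("action") or [None])[0]

def suspicious_requests(log_text):
    """Advisory-indicator actions issued by roles not trusted to manage the plugin."""
    hits = []
    for line in log_text.splitlines():
        entry = json.loads(line)
        action = ajax_action(entry)
        if action in SUSPICIOUS_ACTIONS and entry["role"] not in TRUSTED_ROLES:
            hits.append({"ts": entry["ts"], "user": entry["user"],
                         "role": entry["role"], "action": action})
    return hits

def repeat_offenders(hits, threshold=2):
    """Users with at least `threshold` flagged calls (repeated config changes)."""
    counts = Counter(h["user"] for h in hits)
    return {user: n for user, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    found = suspicious_requests(SAMPLE_LOG)
    print(found, repeat_offenders(found))
```

The GET entry is flagged as well, since admin-ajax.php accepts the action parameter in the query string and the advisory's log indicator is not method-specific.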
🔗 References
- https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.1.6/app/Controllers/Ajax/FormBuilderAdminAjax.php
- https://plugins.trac.wordpress.org/changeset/3150743/classified-listing/trunk/app/Controllers/Ajax/FormBuilderAdminAjax.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/494d2e69-0759-419a-a603-e8870c157e49?source=cve