CVE Catalog
CVE-2026-57344
HighCVSS 7.1Summary
The Classified Listing plugin for WordPress versions 5.4.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows an attacker to inject malicious JavaScript code without requiring authentication.
Risk Assessment
The risk includes potential session hijacking, redirection to malicious sites, or theft of sensitive data. The attack can affect all website visitors, including administrators.
Recommendation
Immediately update the Classified Listing plugin to the latest available version. If an update is not possible, consider temporarily disabling the plugin until a patch is released.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.

