VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Sep 10, 2025

Ultimate Classified Listings Vulnerabilities

Review known vulnerability records for the WordPress plugin Ultimate Classified Listings (`ultimate-classified-listings`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-9874, CVE-2025-0763 and CVE-2024-13748, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
3
Patch Coverage
100%
Last Updated
Nov 06, 2025
Priority CVE Quick Links

Fast paths into Ultimate Classified Listings CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2024-52448 High No patch listed
CVE-2024-52448 Ultimate Classified Listings Local File Inclusion

Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

CVE-2024-13753 High 1.6
CVE-2024-13753 Ultimate Classified Listings Cross-Site Request Forgery

Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery to Account Takeover

CVE-2025-9874 High 1.7
CVE-2025-9874 Ultimate Classified Listings Local File Inclusion

Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

CVE-2024-52487 Medium No patch listed
CVE-2024-52487 Ultimate Classified Listings Stored Cross-Site Scripting

Ultimate Classified Listings <= 1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE-2024-6529 Medium 1.4
CVE-2024-6529 Ultimate Classified Listings Cross-Site Scripting

Ultimate Classified Listings <= 1.3 - Reflected Cross-Site Scripting

CVE-2024-5882 Medium 1.4
CVE-2024-5882 Ultimate Classified Listings Local File Inclusion

Ultimate Classified Listings <= 1.3 - Unauthenticated Local File Inclusion

CVE-2024-5883 Medium 1.3
CVE-2024-5883 Ultimate Classified Listings Cross-Site Scripting

Ultimate Classified Listings <= 1.2 - Reflected Cross-Site Scripting

CVE-2024-13748 Medium 1.5
CVE-2024-13748 Ultimate Classified Listings Stored Cross-Site Scripting

Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Ultimate Classified Listings so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 3 high severity findings.
Recent CVEs
CVE-2025-9874, CVE-2025-0763 and CVE-2024-13748
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Ultimate Classified Listings

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2025-9874
CVE-2025-9874: Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwp_dashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and e...

Published
Sep 10, 2025
Patched Release
1.7
Affected Versions
Versions up to 1.6
Next Step
Update to 1.7 or newer if supported.
Open CVE-2025-9874 Report Open CVE Reference
Plugin Medium Patched: No CVE-2025-0763
CVE-2025-0763: Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_custom_fields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscr...

Published
Sep 10, 2025
Patched Release
Not published
Affected Versions
Versions up to 1.7
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-0763 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13748
CVE-2024-13748: Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

Published
Feb 19, 2025
Patched Release
1.5
Affected Versions
Versions up to 1.4
Next Step
Update to 1.5 or newer if supported.
Open CVE-2024-13748 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-13753
CVE-2024-13753: Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery to Account Takeover

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers t...

Published
Feb 19, 2025
Patched Release
1.6
Affected Versions
Versions up to 1.5
Next Step
Update to 1.6 or newer if supported.
Open CVE-2024-13753 Report Open CVE Reference
Plugin Medium Patched: No CVE-2024-52487
CVE-2024-52487: Ultimate Classified Listings <= 1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access an...

Published
Nov 19, 2024
Patched Release
Not published
Affected Versions
Versions up to 1.6
Next Step
Open the full report for remediation notes and references.
Open CVE-2024-52487 Report Open CVE Reference
Plugin High Patched: No CVE-2024-52448
CVE-2024-52448: Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.6. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, al...

Published
Nov 18, 2024
Patched Release
Not published
Affected Versions
Versions up to 1.6
Next Step
Open the full report for remediation notes and references.
Open CVE-2024-52448 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6529
CVE-2024-6529: Ultimate Classified Listings <= 1.3 - Reflected Cross-Site Scripting

The Ultimate Classified Listings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Published
Jul 11, 2024
Patched Release
1.4
Affected Versions
Versions up to 1.3
Next Step
Update to 1.4 or newer if supported.
Open CVE-2024-6529 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5882
CVE-2024-5882: Ultimate Classified Listings <= 1.3 - Unauthenticated Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3 via the 'ucl_page' and 'layout' parameters. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the ser...

Published
Jul 08, 2024
Patched Release
1.4
Affected Versions
Versions up to 1.3
Next Step
Update to 1.4 or newer if supported.
Open CVE-2024-5882 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5883
CVE-2024-5883: Ultimate Classified Listings <= 1.2 - Reflected Cross-Site Scripting

The Ultimate Classified Listings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Published
Jul 08, 2024
Patched Release
1.3
Affected Versions
Versions up to 1.2
Next Step
Update to 1.3 or newer if supported.
Open CVE-2024-5883 Report Open CVE Reference