WP-Safety

WP Classifieds Listings Security & Risk Analysis

wordpress.org/plugins/wp-classifieds-listings

Allow registered users to post classifieds directly to your site; manage classifieds from the WordPress admin panel.

10 active installs v1.0 PHP + WP 3.0+ Updated Mar 9, 2018
classifiedclassified-listclassified-listingsclassified-managerclassifieds-management
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Classifieds Listings Safe to Use in 2026?

Generally Safe

Score 85/100

WP Classifieds Listings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The wp-classifieds-listings v1.0 plugin demonstrates a mixed security posture. While it shows good practices like a high percentage of prepared SQL statements and a significant number of nonce and capability checks, there are notable areas of concern. The presence of 2 AJAX handlers without authentication checks represents a direct attack surface that could be exploited if these handlers are vulnerable to unauthorized execution.

Taint analysis reveals 10 high-severity flows with unsanitized paths. This is a significant risk, as it indicates potential for injection vulnerabilities where user-supplied data could be used in sensitive operations without proper validation or sanitization. The lack of recorded historical vulnerabilities is positive, but it does not negate the risks identified in the current static analysis. The plugin also bundles an outdated version of jQuery, which is a potential vector for client-side attacks if vulnerabilities exist in that specific version.

Overall, the plugin has strengths in its SQL handling and permission checks, but the identified high-severity taint flows and unprotected AJAX endpoints are critical vulnerabilities that require immediate attention. The outdated bundled library adds another layer of risk. While there are no known CVEs, the internal code analysis reveals significant weaknesses that could be exploited.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized paths in taint flows
  • Bundled outdated jQuery library
Vulnerabilities
None known

WP Classifieds Listings Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Classifieds Listings Code Analysis

Dangerous Functions
0
Raw SQL Queries
20
188 prepared
Unescaped Output
266
312 escaped
Nonce Checks
23
Capability Checks
25
File Operations
5
External Requests
2
Bundled Libraries
1

Bundled Libraries

jQuery3.2.1

SQL Query Safety

90% prepared208 total queries

Output Escaping

54% escaped578 total outputs
Data Flows
15 unsanitized

Data Flow Analysis

25 flows15 with unsanitized paths
xyz_cls_categorybox (admin\metabox.php:446)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

WP Classifieds Listings Attack Surface

Entry Points20
Unprotected2

AJAX Handlers 14

authwp_ajax_xyz_cls_ajax_backlinkajax-handler.php:29
authwp_ajax_xyz_cls_load_cityajax-handler.php:57
authwp_ajax_xyz_cls_load_stateajax-handler.php:96
authwp_ajax_xyz_cls_disp_cityajax-handler.php:223
authwp_ajax_xyz_cls_load_regionajax-handler.php:377
authwp_ajax_update_regajax-handler.php:400
authwp_ajax_xyz_cls_update_cityajax-handler.php:420
authwp_ajax_del_cityajax-handler.php:433
authwp_ajax_del_regajax-handler.php:446
authwp_ajax_quick_contactajax-handler.php:477
noprivwp_ajax_quick_contactajax-handler.php:478
authwp_ajax_xyz_cls_remove_premiumajax-handler.php:494
authwp_ajax_xyz_cls_configure_customajax-handler.php:537
authwp_ajax_xyz_cls_activate_cflajax-handler.php:546

Shortcodes 6

[xyz_wp_cls_home] shortcode-handler.php:61
[xyz_wp_cls_region] shortcode-handler.php:97
[xyz_wp_cls_city] shortcode-handler.php:134
[xyz_wp_cls_items] shortcode-handler.php:249
[xyz_wp_cls_register] shortcode-handler.php:285
[xyz_wp_cls_forgotpassword] shortcode-handler.php:318
WordPress Hooks 44
actionadmin_noticesadmin\admin-notices.php:78
actioninitadmin\install.php:5418
actioninitadmin\install.php:5433
actionwpadmin\menu.php:6
actionadmin_initadmin\menu.php:80
actionadmin_noticesadmin\menu.php:93
actionadmin_menuadmin\menu.php:97
actioninitadmin\menu.php:193
filtermanage_users_columnsadmin\menu.php:216
actionmanage_users_custom_columnadmin\menu.php:224
actionadmin_enqueue_scriptsadmin\menu.php:264
actioninitadmin\menu.php:304
actionwp_dashboard_setupadmin\menu.php:324
actionadmin_menuadmin\menu.php:342
filtermanage_classifieds_listing_posts_columnsadmin\menu.php:362
actionmanage_classifieds_listing_posts_custom_columnadmin\menu.php:363
filterpost_row_actionsadmin\menu.php:508
actionpre_get_postsadmin\menu.php:510
filterviews_edit-classifieds_listingadmin\menu.php:522
actionadmin_headadmin\menu.php:588
actionshow_user_profileadmin\menu.php:621
actionedit_user_profileadmin\menu.php:622
actionpersonal_options_updateadmin\menu.php:640
actionedit_user_profile_updateadmin\menu.php:641
actionwp_loginadmin\menu.php:668
filterlogin_messageadmin\menu.php:680
actionuser_registeradmin\menu.php:690
actionadd_meta_boxesadmin\metabox.php:9
actionadmin_initadmin\metabox.php:436
actionsave_postadmin\metabox.php:514
actioninitadmin\metabox.php:721
actionuntrashed_postadmin\metabox.php:767
actionpending_to_publishadmin\metabox.php:799
actionadmin_headadmin\metabox.php:821
filterquery_varsdirect-call.php:16
actionparse_requestdirect-call.php:42
filterthe_contenttemplate-handler.php:5
filterthe_titletemplate-handler.php:32
filterprevious_post_linktemplate-handler.php:50
filternext_post_linktemplate-handler.php:51
filterpost_thumbnail_htmltemplate-handler.php:69
actioninitwp-classifieds-listings.php:53
actionwp_footerwp-classifieds-listings.php:56
filterplugin_row_metaxyz-functions.php:249
Maintenance & Trust

WP Classifieds Listings Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedMar 9, 2018
PHP min version
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP Classifieds Listings Alternatives

Classified Listing Toolkits

Classified Listing Toolkits

classified-listing-toolkits

A
100

Enhance your Classified Listing plugin with Elementor, Divi support. Seamlessly create and manage listings using intuitive widgets, and elements.

4K No CVEs
Directorist: AI-Powered Business Directory, Listings & Classified Ads

Directorist: AI-Powered Business Directory, Listings & Classified Ads

directorist

D
39

Build any type of directory website such as a business directory, job directory, classifieds directory, and more with this WordPress directory plugin.

20K 2 unpatched
Classified Listing – AI-Powered Classified ads & Business Directory Plugin

Classified Listing – AI-Powered Classified ads & Business Directory Plugin

classified-listing

A
88

A Classified ads and Business Directory plugin for WordPress, to create classified listing, real estate directory, local business directory, and more.

10K 15 CVEs
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory

GeoDirectory – WP Business Directory Plugin and Classified Listings Directory

geodirectory

B
82

A superb WordPress Business Directory plugin to create a local business directory, classified ads directory, or job listings board.

10K 16 CVEs
HivePress – Business Directory & Classified Ads Plugin

HivePress – Business Directory & Classified Ads Plugin

hivepress

A
100

A simple yet powerful plugin to create a business directory, job board, real estate, classified ads, or basically any type of directory website.

10K No CVEs
Developer Profile

WP Classifieds Listings Developer Profile

f1logic

15 plugins · 142K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
352 days
View full developer profile
Detection Fingerprints

How We Detect WP Classifieds Listings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-classifieds-listings/css/classifieds.css/wp-content/plugins/wp-classifieds-listings/css/colorbox.css/wp-content/plugins/wp-classifieds-listings/css/jquery.fancybox-1.3.4.css/wp-content/plugins/wp-classifieds-listings/css/jquery.jscrollpane.css/wp-content/plugins/wp-classifieds-listings/js/admin.js/wp-content/plugins/wp-classifieds-listings/js/classifieds.js/wp-content/plugins/wp-classifieds-listings/js/fancybox.js/wp-content/plugins/wp-classifieds-listings/js/jquery.colorbox-min.js+3 more
Script Paths
/wp-content/plugins/wp-classifieds-listings/js/admin.js/wp-content/plugins/wp-classifieds-listings/js/classifieds.js/wp-content/plugins/wp-classifieds-listings/js/fancybox.js/wp-content/plugins/wp-classifieds-listings/js/jquery.colorbox-min.js/wp-content/plugins/wp-classifieds-listings/js/jquery.jscrollpane.min.js/wp-content/plugins/wp-classifieds-listings/js/jquery.mousewheel.min.js+1 more
Version Parameters
wp-classifieds-listings/css/classifieds.css?ver=wp-classifieds-listings/css/colorbox.css?ver=wp-classifieds-listings/css/jquery.fancybox-1.3.4.css?ver=wp-classifieds-listings/css/jquery.jscrollpane.css?ver=wp-classifieds-listings/js/admin.js?ver=wp-classifieds-listings/js/classifieds.js?ver=wp-classifieds-listings/js/fancybox.js?ver=wp-classifieds-listings/js/jquery.colorbox-min.js?ver=wp-classifieds-listings/js/jquery.jscrollpane.min.js?ver=wp-classifieds-listings/js/jquery.mousewheel.min.js?ver=wp-classifieds-listings/js/jquery.tinyscrollbar.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
xyz_cls_items_wrapperxyz_cls_submit_item_btnxyz_cls_user_items_section
HTML Comments
<!--BEGIN #main --><!--END #main --><!-- BEGIN .wrapper --><!-- END .wrapper -->+8 more
Data Attributes
data-iddata-catiddata-cityid
JS Globals
XYZClassifiedsAdmin
Shortcode Output
[xyz_wp_cls_register][xyz_wp_cls_forgotpassword][xyz_wp_cls_home][xyz_wp_cls_region]
FAQ

Frequently Asked Questions about WP Classifieds Listings