[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiJDvzbi8BEQg4as1mHb0MHEG8_e3iQwYVJg7Z72SOmw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":20,"research_plan":32,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":33,"research_started_at":34,"research_completed_at":35,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":36},"CVE-2026-42679","classified-listing-ai-powered-classified-ads-business-directory-plugin-authenticated-subscriber-arbitrary-file-download","Classified Listing – AI-Powered Classified ads & Business Directory Plugin \u003C= 5.3.8 - Authenticated (Subscriber+) Arbitrary File Download","The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.3.8. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","classified-listing",null,"\u003C=5.3.8","5.3.9","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2026-05-17 00:00:00","2026-05-19 16:23:35",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9a724287-5b9c-45cb-ab83-28d73ddc39ec?source=api-prod",3,[22,23,24,25,26,27,28,29],"README.txt","app\u002FControllers\u002FAjax\u002FAjaxCFG.php","app\u002FControllers\u002FAjax\u002FAjaxSettings.php","app\u002FControllers\u002FAjax\u002FCheckout.php","app\u002FControllers\u002FAjax\u002FExport.php","app\u002FControllers\u002FAjax\u002FFilterFormAdminAjax.php","app\u002FControllers\u002FAjax\u002FFormBuilderAjax.php","app\u002FControllers\u002FAjax\u002FImport.php","researched",false,"_fb_get_attachment_details` with `attachment_id=..\u002F..\u002F..\u002F..\u002F..\u002F..\u002Fwp-config.php`.\n    4.  The response contains the file content.\n\n    *   `FormBuilderAjax.php` registers `rtcl_fb_get_attachment_details`.\n    *   I will search for where this is used. It's used in the form builder.\n    *   The shortcode for the form builder is often `[rtcl_post_form]` or `[rtcl_listing_form]`.\n    *   I'll create a page with `[rtcl_listing_form]`.\n\n    *   `nonceId`: `rtcl_nonce` (common for this plugin).\n    *   `nonceText`: `rtcl_nonce`.\n    *   Wait, let's look at `FilterFormAdminAjax.php`.\n        `if ( !wp_verify_nonce( isset( $_REQUEST[rtcl()->nonceId] ) ? $_REQUEST[rtcl()->nonceId] : null, rtcl()->nonceText ) )`\n    *   If I check the page source for `rtcl_nonce`, I can find it.\n\n    *   Wait, the CVSS is 4.3 (Medium). 
This usually means it's not a full unauthenticated RCE, but an authenticated file read. Note that the listed vector records the impact as I:L with C:N, although a file read is a confidentiality impact, so the 4.3 score may understate the exposure.\n    *   \"Path Traversal in all versions up to, and including, 5.3.8.\"\n    *   \"Authenticated (Subscriber+)","gemini-3-flash-preview","2026-05-20 17:22:23","2026-05-20 17:24:01",{"type":37,"vulnerable_version":38,"fixed_version":11,"vulnerable_browse":39,"vulnerable_zip":40,"fixed_browse":41,"fixed_zip":42,"all_tags":43},"plugin","5.3.8","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fclassified-listing\u002Ftags\u002F5.3.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassified-listing.5.3.8.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fclassified-listing\u002Ftags\u002F5.3.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassified-listing.5.3.9.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fclassified-listing\u002Ftags"]