Platform
wordpress
Component
advanced-classifieds-and-directory-pro
Fixed in
3.2.10
CVE-2025-68580 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in pluginsware Advanced Classifieds & Directory Pro. This flaw allows an attacker to potentially perform unauthorized actions on a user's account without their knowledge. The vulnerability impacts versions from 0.0.0 through 3.2.9, and a patch is available in version 3.3.0.
A successful CSRF attack could allow an attacker to modify classified listings, user profiles, or other sensitive data within the Advanced Classifieds & Directory Pro system. This could result in data breaches, unauthorized account modifications, or even the complete takeover of user accounts. The impact is amplified if the platform is used for business-critical classifieds or directory listings, as attackers could manipulate information to their advantage or disrupt operations. While CSRF typically requires user interaction (e.g., clicking a malicious link), the potential for widespread impact remains significant, especially in environments with shared hosting or where users are less security-aware.
CVE-2025-68580 was publicly disclosed on 2025-12-24. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's CVSS score of 4.3 (MEDIUM) suggests a moderate probability of exploitation, particularly if attackers actively target Advanced Classifieds & Directory Pro installations. It is not currently listed on the CISA KEV catalog.
Websites utilizing pluginsware Advanced Classifieds & Directory Pro versions 0.0.0 through 3.2.9 are at risk. This includes businesses and individuals relying on the plugin for classified listings or directory management. Shared hosting environments are particularly vulnerable, as attackers could potentially exploit the vulnerability across multiple websites hosted on the same server.
• wordpress / composer / npm:
grep -r 'pluginsware/advanced-classifieds-and-directory-pro' /var/www/html
wp plugin list | grep advanced-classifieds
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=some_sensitive_action' | grep Content-Type
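The commands above only show that the plugin is present. As an added example (not part of the original advisory or the plugin's own code), the script below reads the installed version from the plugin header and compares it with the affected range stated on this page (through 3.2.9), for every WordPress install under a given root. It assumes the standard `wp-content/plugins/<slug>` layout and a `sort` that supports `-V`; the function and variable names are illustrative.

```sh
#!/bin/sh
# Added example (not from the advisory): report installs in the affected range.
SLUG='advanced-classifieds-and-directory-pro'  # component slug from this page
LAST_AFFECTED='3.2.9'                          # last affected version per this page

# version_le A B: true when version A <= version B (uses sort -V ordering).
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# plugin_version DIR: print the Version header of the plugin's main file.
# The main file name is not assumed: any *.php with a "Plugin Name:" header counts.
plugin_version() {
    for pv_file in "$1"/*.php; do
        [ -f "$pv_file" ] || continue
        head -c 8192 "$pv_file" | grep -q 'Plugin Name:' || continue
        pv_ver=$(head -c 8192 "$pv_file" |
            sed -n 's/^[[:space:]*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*/\1/p' |
            head -n 1)
        if [ -n "$pv_ver" ]; then printf '%s\n' "$pv_ver"; return 0; fi
    done
    return 1
}

# scan_root ROOT: print STATUS, VERSION and DIR (tab separated) for every install
# found below ROOT; return 1 when at least one install is in the affected range.
scan_root() {
    sr_rc=0
    sr_dirs=$(find "$1" -type d -path "*/wp-content/plugins/$SLUG" 2>/dev/null) || true
    while IFS= read -r sr_dir; do
        [ -n "$sr_dir" ] || continue
        if ! sr_ver=$(plugin_version "$sr_dir"); then
            printf 'UNKNOWN\t-\t%s\n' "$sr_dir"
        elif version_le "$sr_ver" "$LAST_AFFECTED"; then
            printf 'AFFECTED\t%s\t%s\n' "$sr_ver" "$sr_dir"; sr_rc=1
        else
            printf 'OK\t%s\t%s\n' "$sr_ver" "$sr_dir"
        fi
    done <<EOF
$sr_dirs
EOF
    return "$sr_rc"
}

# Run only when a root directory is given, e.g.: sh scan.sh /var/www
if [ "$#" -gt 0 ]; then scan_root "$1"; fi
```

The non-zero exit status on any AFFECTED line makes the script usable from cron or a CI job on shared hosts with many document roots.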
EPSS
0.02% (6th percentile)
The primary mitigation for CVE-2025-68580 is to immediately upgrade Advanced Classifieds & Directory Pro to version 3.3.0 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as adding CSRF tokens to all sensitive forms and actions within the plugin. Web Application Firewalls (WAFs) can also be configured to filter out suspicious requests that exhibit CSRF characteristics. Regularly review user permissions and implement the principle of least privilege to limit the potential damage from a successful attack.
Update to version 3.3.0 or a newer patched version.
CVE-2025-68580 is a Cross-Site Request Forgery (CSRF) vulnerability affecting pluginsware Advanced Classifieds & Directory Pro, allowing attackers to perform unauthorized actions.
You are affected if you are using Advanced Classifieds & Directory Pro versions 0.0.0 through 3.2.9. Upgrade to 3.3.0 or later to mitigate the risk.
Upgrade Advanced Classifieds & Directory Pro to version 3.3.0 or later. Consider implementing CSRF tokens as a temporary workaround.
There is no confirmed active exploitation of CVE-2025-68580 at this time, but the vulnerability's CVSS score indicates a moderate risk.
Refer to the pluginsware website or WordPress plugin repository for the official advisory and update information.