Platform: wordpress
Component: advanced-classifieds-and-directory-pro
Fixed in: 3.2.10
CVE-2025-68580 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in pluginsware Advanced Classifieds & Directory Pro. This flaw allows an attacker to potentially perform unauthorized actions on a user's account without their knowledge. The vulnerability impacts versions from 0.0.0 through 3.2.9, and a patch is available in version 3.3.0.
A successful CSRF attack could allow an attacker to modify classified listings, user profiles, or other sensitive data within the Advanced Classifieds & Directory Pro system. This could result in data breaches, unauthorized account modifications, or even the complete takeover of user accounts. The impact is amplified if the platform is used for business-critical classifieds or directory listings, as attackers could manipulate information to their advantage or disrupt operations. While CSRF typically requires user interaction (e.g., clicking a malicious link), the potential for widespread impact remains significant, especially in environments with shared hosting or where users are less security-aware.
CVE-2025-68580 was publicly disclosed on 2025-12-24. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's CVSS score of 4.3 (MEDIUM) suggests a moderate probability of exploitation, particularly if attackers actively target Advanced Classifieds & Directory Pro installations. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.02% (6th percentile)
The primary mitigation for CVE-2025-68580 is to immediately upgrade Advanced Classifieds & Directory Pro to version 3.3.0 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as adding CSRF tokens to all sensitive forms and actions within the plugin. Web Application Firewalls (WAFs) can also be configured to filter out suspicious requests that exhibit CSRF characteristics. Regularly review user permissions and implement the principle of least privilege to limit the potential damage from a successful attack.
Update to version 3.3.0, or a newer patched version
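The CSRF-token workaround mentioned above maps to WordPress nonces. The following is an added example, not code from the plugin or from pluginsware: the action name, nonce field name and form fields are hypothetical, since this page does not identify the affected request. It shows a state-changing handler that verifies a nonce and then checks the user's capability.

```php
<?php
// Added example: hypothetical action and field names, not the plugin's own code.
const DEMO_ACTION = 'demo_update_listing';   // hypothetical admin-post action
const DEMO_NONCE  = 'demo_listing_nonce';    // hypothetical nonce field name

// Render the form: wp_nonce_field() embeds a token tied to the user, session and action string.
function demo_render_listing_form( int $post_id ): void {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( DEMO_ACTION ); ?>">
        <input type="hidden" name="post_id" value="<?php echo esc_attr( (string) $post_id ); ?>">
        <input type="text" name="title">
        <?php wp_nonce_field( DEMO_ACTION . '_' . $post_id, DEMO_NONCE ); ?>
        <button type="submit">Save</button>
    </form>
    <?php
}

// Route submissions from logged-in users to the handler.
add_action( 'admin_post_' . DEMO_ACTION, 'demo_handle_listing_update' );

function demo_handle_listing_update(): void {
    // Accept state changes over POST only, never GET.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    $post_id = absint( $_POST['post_id'] ?? 0 );

    // CSRF check: stops with a 403 if the nonce is missing, expired,
    // or was issued for a different action or user.
    check_admin_referer( DEMO_ACTION . '_' . $post_id, DEMO_NONCE );

    // Authorization is a separate check: a valid nonce is not a permission.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    wp_update_post( array( 'ID' => $post_id, 'post_title' => $title ) );

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
```

Binding the nonce action to the post ID means a token issued for one listing cannot be replayed against another.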
CVE-2025-68580 is a Cross-Site Request Forgery (CSRF) vulnerability affecting pluginsware Advanced Classifieds & Directory Pro, allowing attackers to perform unauthorized actions.
You are affected if you are using Advanced Classifieds & Directory Pro versions 0.0.0 through 3.2.9. Upgrade to 3.3.0 or later to mitigate the risk.
Upgrade Advanced Classifieds & Directory Pro to version 3.3.0 or later. Consider implementing CSRF tokens as a temporary workaround.
There is no confirmed active exploitation of CVE-2025-68580 at this time, but the vulnerability's CVSS score indicates a moderate risk.
Refer to the pluginsware website or WordPress plugin repository for the official advisory and update information.