Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Clasifico Listing Plugin for WordPress Allows Unauthorized User Privilege Escalation
CVE-2025-12882
Summary
The Clasifico Listing plugin for WordPress allows anyone to create an account and gain administrator privileges without proper authorization, which could lead to unauthorized access to your website's settings and data. This affects all versions of the plugin up to 2.0. To fix this issue, update the plugin to the latest version.
Original title
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to ...
Original description
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it possible for unauthenticated attackers to gain elevated privileges by registering an account with the administrator role.
nvd CVSS3.1
9.8
Vulnerability type
CWE-269
Improper Privilege Management
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026