CVE-2024-2222
Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.
| CWE | CWE-862 |
| Vendor | pluginsware |
| Product | advanced classifieds & directory pro |
| Published | Apr 9, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for pluginsware advanced classifieds & directory pro
Be the first to know when new medium vulnerabilities affecting pluginsware advanced classifieds & directory pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
pluginsware / Advanced Classifieds & Directory Pro
0 โค 3.0.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5da189-838d-4c0b-a734-283c4da36473?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advanced-classifieds-and-directory-pro/trunk/admin/admin.php#L757 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advanced-classifieds-and-directory-pro/trunk/public/user.php#L689 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3054455%40advanced-classifieds-and-directory-pro%2Ftrunk&old=3012747%40advanced-classifieds-and-directory-pro%2Ftrunk&sfp_email=&sfph_mail=
Credits
Lucio Sรก