Arbitrary Shortcode Execution Vulnerability in Classified Listing Plugin for WordPress
CVE-2025-7711

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Classified Listing – Ai-powered Classified Ads & Business Directory Plugin
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-7711?

The Classified Listing – Classified ads & Business Directory Plugin for WordPress contains a vulnerability that allows authenticated users with Subscriber-level access and higher to execute arbitrary shortcodes. The issue arises from improper validation of values before invoking the do_shortcode function, which can lead to unintended actions on the site. This vulnerability is present in all versions up to and including 5.0.3, making it critical for users to update their plugins to secure their websites against potential exploitation.

Affected Version(s)

Classified Listing – AI-Powered Classified ads & Business Directory Plugin * <= 5.0.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/classified-lis...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Jul 16, 2025

Credit

Kishan Vyas

JSON