关键漏洞信息 CVE: CVE-2025-7711 CVSS: 5.4 (Medium) Publicly Published: November 17, 2025 Last Updated: November 17, 2025 Researcher: Kishan Vyas Affected Plugin: Classified Listing – Classified ads & Business Directory Plugin Software Type: Plugin Software Slug: classified-listing Patched?: Yes Affected Version: <= 5.0.3 Patched Version: 5.0.4 Vulnerability: Arbitrary Shortcode Execution via Listing Description Description: - Vulnerability allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes. - CVSS: 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N References: - plugins.trac.wordpress.org Remediation: Update to version 5.0.4 or a newer patched version.