CVE-2026-23546
Awaiting Analysis - Queue
Sensitive Data Exposure in RadiusTheme Classified Listing

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: Patchstack

Description
Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing (classified-listing) allows Retrieve Embedded Sensitive Data. This issue affects Classified Listing: from n/a through <= 5.3.4.
Meta Information
Published: 2026-03-05
Last Modified: 2026-03-09
Generated: 2026-05-06
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
radius_theme | classified_listing | From 5.3.0 (inc) to 5.3.4 (inc)
CWE ID | Description
CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update the Classified Listing plugin to version 5.3.5 or later, where the vulnerability has been patched.

Until the update can be applied, users of Patchstack can enable the automatic mitigation rule provided to block attacks targeting this vulnerability.

Additionally, enabling auto-updates specifically for vulnerable plugins can help ensure protection against this and similar vulnerabilities.


Can you explain this vulnerability to me?

CVE-2026-23546 is a medium priority vulnerability in the WordPress Classified Listing Plugin (versions up to and including 5.3.4) that involves Sensitive Data Exposure.

This vulnerability allows a malicious actor with subscriber-level privileges to access sensitive information embedded in the sent data that should not be available to regular users.

It is classified under the OWASP Top 10 category A3: Sensitive Data Exposure and can potentially enable further exploitation of the system.

The issue was reported by a researcher named "daroo" and was publicly disclosed in early 2026.

Mitigation involves updating the plugin to version 5.3.5 or later, where the vulnerability has been patched. [1]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker with relatively low privileges (subscriber-level) to retrieve sensitive information that should be protected.

Exposure of sensitive data can lead to further exploitation of your system, potentially compromising user privacy and security.

Because the vulnerability is of medium severity with a CVSS score of 6.5, it represents a moderate risk that should be addressed promptly.

If left unpatched, attackers could use this access to escalate attacks or gain unauthorized insights into your system's data. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects the WordPress Classified Listing Plugin versions up to and including 5.3.4 and allows sensitive data exposure. Detection involves identifying if the vulnerable plugin version is installed and monitoring for suspicious access attempts by users with subscriber-level privileges.

Specific commands are not provided in the available resources, but general detection steps include:

  • Check the installed version of the Classified Listing plugin in your WordPress installation to see if it is version 5.3.4 or earlier.
  • Review web server logs for unusual requests targeting the Classified Listing plugin endpoints, especially those made by low-privileged users.
  • Use security plugins or tools that can scan for vulnerable plugins and report their versions.
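
The first step above can be scripted. The following is an added example, not taken from the advisory or from the plugin: it assumes the default WordPress layout (wp-content/plugins/classified-listing) and the standard "Plugin Name:" / "Version:" header comment in a top-level PHP file, and treats anything below 5.3.5 as affected.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "classified-listing"  # slug as given in the advisory description
FIXED_IN = (5, 3, 5)                # advisory: affected through 5.3.4, patched in 5.3.5

# WordPress reads "Plugin Name:" and "Version:" from the main file's header comment.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.M | re.I)


def version_tuple(text):
    """'5.3.4' -> (5, 3, 4), so dotted versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def check(wp_root):
    """Return (status, version); status is one of
    'not-installed', 'unknown', 'affected', 'patched'."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed", None
    for php in sorted(plugin_dir.glob("*.php")):
        # Header fields sit at the top of the file; 8 KB is what WordPress scans.
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        match = VERSION_RE.search(head)
        if NAME_RE.search(head) and match:
            version = match.group(1)
            affected = version_tuple(version) < FIXED_IN
            return ("affected" if affected else "patched"), version
    # Directory exists but no readable header: flag it for manual review.
    return "unknown", None


if __name__ == "__main__":
    # Usage: python check_plugin.py /var/www/site1 /var/www/site2 ...
    exit_code = 0
    for root in sys.argv[1:] or ["."]:
        status, version = check(root)
        print(f"{root}: {PLUGIN_SLUG} {version or '-'} -> {status}")
        if status in ("affected", "unknown"):
            exit_code = 1
    sys.exit(exit_code)
```

The non-zero exit code for "affected" or "unknown" lets the script gate a scheduled job or deployment check across several WordPress roots.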
