PatchSiren cyber security CVE debrief
CVE-2026-42658 Mamunur Rashid CVE debrief
CVE-2026-42658 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in the Classified Listing plugin, affecting versions up to 5.3.8. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42658).
- Vendor
- Mamunur Rashid
- Product
- Classified Listing
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Classified Listing plugin versions up to 5.3.8 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability is caused by an Unauthenticated Cross Site Scripting (XSS) issue in the Classified Listing plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to Classified Listing plugin versions up to 5.3.8.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/classified-listing/vulnerability/wordpress-classified-listing-plugin-5-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve) for mitigation or vendor-prov
Evidence notes
Evidence suggests that this vulnerability was discovered by Patchstack.
Official resources
-
CVE-2026-42658 CVE record
CVE.org
-
CVE-2026-42658 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42658 was published on 2026-06-15T21:16:55.457Z and last modified on 2026-06-15T21:24:32.790Z.