PatchSiren

Mamunur Rashid CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Mamunur Rashid CVE published 2026-06-15

CVE-2026-42658

CVE-2026-42658 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in the Classified Listing plugin, affecting versions up to 5.3.8. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42658).

MEDIUM Mamunur Rashid CVE published 2026-06-15

CVE-2026-42651

A Subscriber Broken Access Control vulnerability exists in the Classified Listing plugin versions <= 5.3.9. This vulnerability has been assigned a CVSS score of 6.3, indicating a Medium severity level. The vulnerability allows unauthorized access to sensitive data, potentially leading to confidentiality, integrity, and availability impacts.

MEDIUM Mamunur Rashid CVE published 2026-06-15

CVE-2026-42640

CVE-2026-42640 is a MEDIUM severity vulnerability (CVSS Score: 6.5) in the Classified Listing plugin versions <= 5.3.8. The vulnerability is caused by unauthenticated broken access control. The Common Weakness Enumeration (CWE) for this vulnerability is CWE-862. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].

MEDIUM Mamunur Rashid CVE published 2026-06-01

CVE-2026-42679

A Path Traversal vulnerability (CWE-22) exists in the Classified Listing WordPress plugin, affecting versions up to and including 5.3.8. The vulnerability allows an attacker with low privileges to traverse directory paths and potentially download arbitrary files from the server. The CVSS 3.1 score of 6.5 (Medium severity) reflects network attackability with low attack complexity, requiring low privileges [truncated]

MEDIUM Mamunur Rashid CVE published 2026-05-27

CVE-2026-49054

A Missing Authorization vulnerability (CWE-862) in The Post Grid WordPress plugin allows attackers to exploit incorrectly configured access control security levels. The vulnerability affects versions from n/a through 7.9.2. The issue was published to the CVE database on 2026-05-27 and carries a MEDIUM severity rating with a CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The NVD currently lis [truncated]