CVE Alert: CVE-2025-10706 – Cridio Studio – ClassifiedPro – reCommerce WordPress Theme

CVE-2025-10706

HIGH - No exploitation known

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the ‘cwp_addons_update_plugin_cb’ function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site’s server which may make remote code execution possible. Note: The required nonce for the vulnerability is in the CubeWP Framework plugin.

CVSS v3.1 (8.8)
Vendor
Cridio Studio
Product
ClassifiedPro – reCommerce WordPress Theme
Versions
* <= 1.0.14
CWE
CWE-862 Missing Authorization
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published
2025-10-16T06:47:29.202Z
Updated
2025-10-16T06:47:29.202Z

AI Summary Analysis

Risk verdict

High risk. Authenticated users with subscriber-level access or above can trigger arbitrary plugin installations, with potential remote code execution. Urgency hinges on KEV/SSVC exploitation status and EPSS, which are not provided here.

Why this matters

Compromise could allow full server control, data exposure, and site defacement or malware deployment, harming uptime, consumer trust, and SEO. Attackers could pivot from the affected site to hosting or connected services if credentials or backups are exposed.

Most likely attack path

An authenticated attacker with subscriber-level or higher privileges leverages the missing authorization check to install plugins, bypassing the normal capability checks. No user interaction is required (UI: none) and the privilege requirement is low, enabling code execution on the server via a malicious plugin installed through the vulnerable workflow.

Who is most exposed

WordPress sites using Classified Pro, especially on shared hosting or in environments where non-admin accounts exist (e.g., marketplace or client-access roles), are at greatest risk of plugin-install abuse.

Detection ideas

  • Log spikes of plugin installation events by non-admin users.
  • Unusual or new PHP files appearing under wp-content/plugins or uploads directories.
  • Calls to the CubeWP/related update-plugin endpoints without admin action.
  • Unexpected file modifications or code changes tied to plugin update routines.
  • Alerts on admin-ajax requests associated with plugin updates from unauthorised sources.

Mitigation and prioritisation

  • Patch to a fixed version or remove vulnerable code paths; verify vendor guidance.
  • Enforce strict least-privilege: restrict plugin installation to admins only; disable self-service installs.
  • Validate and harden the CubeWP Framework integration; monitor related endpoints.
  • Implement WAF/IPS rules to detect and block anomalous plugin-install activity; audit trails for admin actions.
  • Regular backups and tested incident response; plan patch deployment in change-management windows.
  • If the CVE is listed in KEV or EPSS ≥ 0.5, treat as priority 1.
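The advisory's root cause is an AJAX callback that accepts a nonce but never checks a capability, and it notes that the nonce itself is obtainable through the CubeWP Framework plugin. The hardened callback below illustrates the check that was missing; it is an added example written for this page, not the vendor's code, and the hook name `example_addons_update_plugin`, the nonce action `example_addons_nonce` and the `plugin_slug` POST field are hypothetical.

```php
<?php
// Added illustration, not the vendor's code: a plugin-install AJAX callback
// gated on a capability, not only on a nonce. All names here are hypothetical.

add_action( 'wp_ajax_example_addons_update_plugin', 'example_addons_update_plugin_cb' );

function example_addons_update_plugin_cb() {
    // 1. CSRF check. A nonce only proves the request originated from a page
    //    that rendered the nonce; any logged-in user who can load that page
    //    (here, via a shared framework plugin) can obtain one. A nonce is
    //    therefore not an authorization check. Dies on failure.
    check_ajax_referer( 'example_addons_nonce', 'nonce' );

    // 2. Authorization check: the step the advisory reports as missing.
    //    'install_plugins' is granted to administrators only, and WordPress
    //    forces it to false when DISALLOW_FILE_MODS is defined in wp-config.php,
    //    so that constant also neutralises this class of bug site-wide.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Validate input before using it to fetch anything.
    $slug = isset( $_POST['plugin_slug'] ) ? sanitize_key( wp_unslash( $_POST['plugin_slug'] ) ) : '';
    if ( '' === $slug ) {
        wp_send_json_error( array( 'message' => 'Missing plugin slug.' ), 400 );
    }

    // 4. Resolve the slug through the wordpress.org directory rather than
    //    accepting a caller-supplied download URL; this bounds what can be
    //    installed even if an authorised user is compromised.
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug, 'fields' => array( 'sections' => false ) ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 400 );
    }

    // 5. Plugin_Upgrader performs no capability check of its own, which is
    //    why step 2 must happen before reaching it.
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( array( 'message' => 'Install failed.' ), 500 );
    }
    wp_send_json_success( array( 'slug' => $slug ) );
}
```

For detection, the same boundary is useful: an `admin-ajax.php` request carrying a plugin-install action from an account lacking `install_plugins` should never succeed on a patched site, so a successful response to such a request is itself an indicator.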