The Advanced Classifieds & Directory Pro plugin for WordPress has a security issue that can result in data being deleted without authorization. This is because the plugin does not have a proper check in place for a function called “ajax_callback_delete_attachment”. This vulnerability exists in all versions of the plugin up to and including version 3.0.0. As a result, someone with subscriber access or higher can potentially delete any uploaded media without permission.