125 matches found
CVE-2026-57355
Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...
EUVD-2026-36823
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
PT-2026-49449
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions = 1.6...
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-10494
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...
EUVD-2009-0430
Malware in sbrugna...
EUVD-2008-6848
Malware in sbrugna...
EUVD-2010-1397
Malware in sbrugna...
EUVD-2024-46016
Malicious code in bioql PyPI...
EUVD-2025-27670
Malicious code in bioql PyPI...
EUVD-2024-46047
Malicious code in bioql PyPI...
CVE-2025-9874
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-9874
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-0763
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access a...
CVE-2025-9874
CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...
CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-0763 Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access a...
CVE-2025-0763 Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access a...