Lucene search
K

125 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57355

Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...

6.5CVSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.6 views

EUVD-2026-36823

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49449

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions = 1.6...

7.5CVSS5.9AI score0.00545EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/12 5:15 a.m.5 views

CVE-2025-12833

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...

4.3CVSS5.6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/09 4:14 a.m.5 views

CVE-2025-10494

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...

8.1CVSS7.3AI score0.0045EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-0430

Malware in sbrugna...

7.5CVSS6.4AI score0.00993EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-6848

Malware in sbrugna...

4.3CVSS6.4AI score0.01475EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-1397

Malware in sbrugna...

7.5CVSS6.4AI score0.00973EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46016

Malicious code in bioql PyPI...

7.5CVSS8.7AI score0.00558EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27670

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46047

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.12 views

CVE-2025-9874

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS7.2AI score0.00545EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.6 views

CVE-2025-9874

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS0.00545EPSS
Exploits0References3
NVD
NVD
added 2025/09/11 8:15 a.m.18 views

CVE-2025-0763

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access a...

4.3CVSS0.00222EPSS
Exploits0References2
CVE
CVE
added 2025/09/11 7:24 a.m.19 views

CVE-2025-9874

CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...

7.5CVSS6.8AI score0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.4 views

CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS6.8AI score0.00545EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.10 views

CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.1 views

CVE-2025-0763 Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access a...

4.3CVSS4.7AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.9 views

CVE-2025-0763 Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access a...

4.3CVSS0.00222EPSS
Exploits0References2
Rows per page
Query Builder