Lucene search
K

46 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions = 1.6...

7.5CVSS5.9AI score0.00545EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27670

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46016

Malicious code in bioql PyPI...

7.5CVSS8.7AI score0.00558EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46047

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.12 views

CVE-2025-9874

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS7.2AI score0.00545EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.6 views

CVE-2025-9874

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.5 views

CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS6.8AI score0.00545EPSS
Exploits0References3
CVE
CVE
added 2025/09/11 7:24 a.m.19 views

CVE-2025-9874

CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...

7.5CVSS6.8AI score0.00545EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.10 views

CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

7.5CVSS0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.2 views

CVE-2025-0763 Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access a...

4.3CVSS4.7AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.7 views

PT-2025-37159

Name of the Vulnerable Software and Affected Versions: The Ultimate Classified Listings plugin for WordPress versions up to and including 1.6 Description: The Ultimate Classified Listings plugin for WordPress is susceptible to Local File Inclusion via the uclwp dashboard shortcode. Authenticated...

7.5CVSS6.8AI score0.00545EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.3 views

WordPress plugin Ultimate Classified Listings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.3AI score0.00222EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.4 views

WordPress plugin Ultimate Classified Listings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS7AI score0.00545EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:38 a.m.8 views

CVE-2024-52487

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through = 1.7...

6.5CVSS7.2AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.13 views

CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS6.1AI score0.0036EPSS
Exploits1References1
OSV
OSV
added 2025/02/20 10:15 a.m.4 views

CVE-2024-13748

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00212EPSS
Exploits0References2
NVD
NVD
added 2025/02/20 10:15 a.m.20 views

CVE-2024-13753

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the updateprofile function. This makes it possible for unauthenticated attackers to modify victim's...

8.8CVSS0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/20 9:21 a.m.9 views

CVE-2024-13753 Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery to Account Takeover

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the updateprofile function. This makes it possible for unauthenticated attackers to modify victim's...

8.1CVSS7.2AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/20 9:21 a.m.26 views

CVE-2024-13753 Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery to Account Takeover

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the updateprofile function. This makes it possible for unauthenticated attackers to modify victim's...

8.1CVSS0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/20 9:21 a.m.8 views

CVE-2024-13748 Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.4AI score0.00212EPSS
Exploits0References2
Rows per page
Query Builder