46 matches found
WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions = 1.6...
EUVD-2025-27670
Malicious code in bioql PyPI...
EUVD-2024-46016
Malicious code in bioql PyPI...
EUVD-2024-46047
Malicious code in bioql PyPI...
CVE-2025-9874
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-9874
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-9874
CVE-2025-9874 : The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...
CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-0763 Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access a...
PT-2025-37159
Name of the Vulnerable Software and Affected Versions: The Ultimate Classified Listings plugin for WordPress versions up to and including 1.6 Description: The Ultimate Classified Listings plugin for WordPress is susceptible to Local File Inclusion via the uclwp dashboard shortcode. Authenticated...
WordPress plugin Ultimate Classified Listings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Ultimate Classified Listings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-52487
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through = 1.7...
CVE-2024-5883
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13748
The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-13753
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the updateprofile function. This makes it possible for unauthenticated attackers to modify victim's...
CVE-2024-13753 Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery to Account Takeover
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the updateprofile function. This makes it possible for unauthenticated attackers to modify victim's...
CVE-2024-13753 Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery to Account Takeover
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the updateprofile function. This makes it possible for unauthenticated attackers to modify victim's...
CVE-2024-13748 Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter
The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...