Lucene search
+L

5 matches found

NVD
NVD
added 2025/03/15 3:15 a.m.33 views

CVE-2025-1657

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...

8.8CVSS0.00403EPSS
Exploits0References3
OSV
OSV
added 2025/03/15 3:15 a.m.6 views

CVE-2025-1657

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References2
Circl
Circl
added 2025/03/15 2:45 a.m.18 views

CVE-2025-1657

creationtimestamp| type| source ---|---|--- 2025-03-15 02:45:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7650 2025-03-15 03:48:54+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114164402365852016 2025-03-15 04:00:45+00:00| seen|...

8.8CVSS8.7AI score0.00403EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/15 2:22 a.m.6 views

CVE-2025-1657 Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for...

8.8CVSS8.6AI score0.00403EPSS
Exploits0References2
CVE
CVE
added 2025/03/15 2:22 a.m.80 views

CVE-2025-1657

CVE-2025-1657 concerns the Directory Listings WordPress plugin – uListing for WordPress. The Red Hat and NVD entries, plus Wordfence details, state that all versions up to and including 2.1.7 are vulnerable due to a missing capability check on the stm_listing_ajax AJAX action. This allows authent...

8.8CVSS7.2AI score0.00403EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder