5 matches found
CVE-2025-1657
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...
CVE-2025-1657
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for...
CVE-2025-1657
creationtimestamp| type| source ---|---|--- 2025-03-15 02:45:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7650 2025-03-15 03:48:54+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114164402365852016 2025-03-15 04:00:45+00:00| seen|...
CVE-2025-1657 Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for...
CVE-2025-1657
CVE-2025-1657 concerns the Directory Listings WordPress plugin – uListing for WordPress. The Red Hat and NVD entries, plus Wordfence details, state that all versions up to and including 2.1.7 are vulnerable due to a missing capability check on the stm_listing_ajax AJAX action. This allows authent...