Authorization
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...