4 matches found
CVE-2021-4340
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listingid’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2023-12443 · WordPress · Ulisting
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to and including 1.6.6. Description: The issue allows for generic SQL Injection via the listing id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparati...
uListing < 2.0.6 - Authenticated IDOR
An authenticated user IDOR vulnerability was discovered in the plugin. Important: the userid and listingid values depend on each other; that is, if the author ID == 4, data can be modified only for the ads and pages that relate to this particular ID. You can find out the author of the...
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection | Google Dork: inurl:"/wp-content/themes/realestate-7/" | Date: 2019/07/20 | Author: m0ze | Vendor Homepage: https://contempothemes.com | Software Link:...