CVE-2025-0763

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVE-2025-0763 Ultimate Classified Listings <= 1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomfields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVE-2024-6529

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2016-11013

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS...

CVE-2025-1653 Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stmlistingprofileedit AJAX action not having enough restriction on the user meta that can be updated. This makes it possibl...

CVE-2025-1657

CVE-2025-1657 concerns the Directory Listings WordPress plugin – uListing for WordPress. The Red Hat and NVD entries, plus Wordfence details, state that all versions up to and including 2.1.7 are vulnerable due to a missing capability check on the stm_listing_ajax AJAX action. This allows authent...

CVE-2024-13577

The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-13577

The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-24713

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a...

WordPress Auto Listings Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Auto Listings Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24713 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c93447ae1758 Credits resecured.io Required privilege...

WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Broken Access Control

Software IMPress Listings Type Plugin Vulnerable versions = 2.6.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45633 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7bfb35b30d5c Credits Nguyen Anh Tien Required...

CVE-2023-41801

Cross-Site Request Forgery CSRF vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin = 4.3 versions...

CVE-2023-22711 WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Agent Evolution IMPress Listings plugin = 2.6.2 versions...

CVE-2023-22711

CVE-2023-22711 – WordPress IMPress Listings plugin

WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software IMPress Listings Type Plugin Vulnerable versions = 2.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22711 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0d7d7b89ac9d Credits István Márton Required...

CVE-2022-0702

The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Petfinder Listings plugin 1.0.18 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the...

CVE-2016-11013

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS...

CVE-2016-11013

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS...