CVE-2026-28078

CVE-2026-28078 describes an Improper Pathname Limitation (Path Traversal) in the WordPress plugin uListing (Stylemix uListing, listing component) that allows arbitrary file download. Affected: uListing versions from unspecified earlier up to and including 2.2.0. The initial description and Red Ha...

CVE-2026-28078 WordPress uListing plugin <= 2.2.0 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through = 2.2.0...

WordPress uListing plugin <= 2.2.0 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin uListing versions = 2.2.0...

CVE-2026-28138

CVE-2026-28138 affects WordPress plugin uListing: versions through 2.2.0. The vulnerability is PHP object injection via deserialization of untrusted data in uListing (undisclosed root cause in provided docs). Impact is indicated as high in CVSS 3.1: high confidentiality, integrity, availability i...

CVE-2026-28138 WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

WordPress plugin uListing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

EUVD-2021-23450

Malware in sbrugna...

EUVD-2021-23456

Malware in sbrugna...

EUVD-2021-23455

Malware in sbrugna...

EUVD-2021-23451

Malware in sbrugna...

EUVD-2021-34168

Malicious code in bioql PyPI...

EUVD-2021-34208

Malicious code in bioql PyPI...

EUVD-2021-34172

Malicious code in bioql PyPI...

EUVD-2021-34173

Malicious code in bioql PyPI...

CVE-2021-4345

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

CVE-2025-32122 WordPress uListing plugin <= 2.1.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.9...

WordPress uListing plugin <= 2.2.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin uListing versions = 2.2.0...

WordPress uListing plugin <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin uListing versions = 2.1.7...

CVE-2025-1653

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stmlistingprofileedit AJAX action not having enough restriction on the user meta that can be updated. This makes it possibl...

CVE-2025-1653

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stmlistingprofileedit AJAX action not having enough restriction on the user meta that can be updated. This makes it possibl...