Auto Listings Security Vulnerabilities - January
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings β Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings β Car Listings & Car Dealership Plugin for WordPress: from n/a...
6.5CVSS
6.4AI Score
0.0004EPSS
The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the ucl_page and layout parameters allowing unauthenticated users to access PHP files on the server from the listings page
7.5CVSS
6.6AI Score
0.0004EPSS
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
4.7CVSS
5.8AI Score
0.0004EPSS
The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
7.1CVSS
6.1AI Score
0.0004EPSS