18 matches found
CVE-2025-1653
CVE-2025-1653 affects Directory Listings WordPress plugin – uListing; all versions up to and including 2.1.7 are vulnerable to Privilege Escalation via the stm_listing_profile_edit AJAX action. An authenticated user with Subscriber-level access and above can elevate privileges to Administrator. T...
CVE-2025-1657
CVE-2025-1657 concerns the Directory Listings WordPress plugin – uListing for WordPress. The Red Hat and NVD entries, plus Wordfence details, state that all versions up to and including 2.1.7 are vulnerable due to a missing capability check on the stm_listing_ajax AJAX action. This allows authent...
CVE-2021-36880
CVE-2021-36880 affects the WordPress plugin uListing (versions
CVE-2021-36874
Summary of CVE-2021-36874: Affected product is WordPress plugin uListing ≤ 2.0.5. The vulnerability is an Authenticated Insecure Direct Object Reference (IDOR), allowing an authenticated user to access/modify listing data via IDOR endpoints (e.g., publish, feature, delete listings). Root cause ...
CVE-2021-36876
CVE-2021-36876 affects the WordPress plugin uListing (versions ≤ 2.0.5). The root cause is missing CSRF checks on admin pages, enabling CSRF vulnerabilities. Documented impact includes cross-site requests potentially altering listing data in protected areas. Connected sources repeatedly confirm ...
CVE-2021-36879
CVE-2021-36879 affects WordPress uListing plugin versions
CVE-2021-36877
CVE-2021-36877 affects WordPress plugin uListing (versions
CVE-2021-36878
The CVE-2021-36878 entry covers a CSRF vulnerability in the WordPress uListing plugin (versions
CVE-2021-4340
The CVE-2021-4340 entry concerns the WordPress uListing plugin. Affected component: uListing plugin for WordPress (versions up to and including 1.6.6). Root cause: insufficient escaping of the user-supplied listing_id parameter and inadequate preparation of the existing SQL query, leading to gene...
CVE-2021-36875
Summary of CVE-2021-36875: Affected software is the WordPress uListing plugin (versions
CVE-2021-4339
CVE-2021-4339 — WordPress uListing plugin: Affected software is the uListing WordPress plugin (versions up to 1.6.6). Root cause is a missing capability check in ulisting/includes/route.php for the REST endpoint /1/api/ulisting-user/search, leading to an authorization bypass. Impact: unauthentic...
CVE-2021-4345
The CVE-2021-4345 entry concerns the WordPress uListing plugin (versions up to and including 1.6.6). The root cause is missing capability and nonce checks in UlistingUserRole::save_role_api, enabling an unauthenticated attacker to remove/add roles and grant capabilities. Impact is an authorizatio...
CVE-2021-4341
Product: WordPress uListing plugin. Vulnerability: Authorization bypass via Ajax in the stm_update_email_data action due to missing capability checks, missing input validation, and a missing security nonce. Affects versions up to and including 1.6.6. Impact: Unauthenticated attackers can change a...
CVE-2021-4343
The CVE-2021-4343 entry refers to the WordPress Unauthenticated Account Creation plugin (up to version 1.6.6). The underlying issue is that the stm_listing_register AJAX action is accessible and unprotected, allowing unauthenticated attackers to create accounts, including administrator-level acco...
CVE-2021-4357
Summary: The WordPress uListing plugin is vulnerable to an authorization bypass in the function UlistingUserRole::save_role_api up to and including version 1.6.6. The root cause is missing capability checks and a missing security nonce, which could allow unauthenticated attackers to arbitrarily...
CVE-2021-4370
The CVE-2021-4370 entry concerns the WordPress uListing plugin. Affected software: uListing plugin for WordPress (versions up to and including 1.6.6). The root cause is an authorization bypass allowing unauthenticated users to perform many administrative actions, with endpoints accessib...
CVE-2021-4381
CVE-2021-4381 affects the WordPress uListing plugin (versions up to and including 1.6.6). The root cause is missing capability checks and a missing security nonce in StmListingSingleLayout::import_new_layout, enabling unauthenticated attackers to bypass authorization and modify WordPress options ...
CVE-2021-4346
The CVE-2021-4346 entry concerns the WordPress uListing plugin. Concrete details across connected documents show that versions up to and including 1.6.6 are vulnerable due to missing login checks on the stm_listing_profile_edit AJAX action, enabling unauthenticated attackers to edit accounts (e.g...