CVE-2024-6529
CVE-2024-6529 is a Reflected XSS in the Ultimate Classified Listings WordPress plugin prior to version 1.4. Public sources in connected documents confirm the vulnerability arises from insufficient sanitisation/escaping of a parameter before output. The Red Hat advisory reiterates the same descrip...
CVE-2024-13748
CVE-2024-13748 — Ultimate Classified Listings for WordPress has a Stored XSS in the Title parameter in all versions up to 1.4. Exploitation requires administrator-level access and affects multisite installations or sites where unfiltered_html is disabled. Wordfence reports the vulnerability as present and notes a ...
CVE-2024-13753
CVE-2024-13753 — The Ultimate Classified Listings WordPress plugin is vulnerable to Cross-Site Request Forgery in all versions up to 1.4 due to missing or incorrect nonce validation on the update_profile function. This could allow unauthenticated attackers to modify a victim’s email via a forged ...
CVE-2024-5883
CVE-2024-5883 affects the Ultimate Classified Listings WordPress plugin (versions before 1.3). The issue is a reflected cross-site scripting (XSS) vulnerability where a parameter is not properly sanitised/escaped before being echoed back in the page, enabling an attacker to execute script in admi...
CVE-2024-5882
CVE-2024-5882 affects the WordPress plugin Ultimate Classified Listings (versions before 1.3). It arises from missing validation of the ucl_page and layout parameters, enabling unauthenticated users to access PHP files on the server from the listings page (Local File Inclusion). Red Hat a...