Stylemixthemes

Ulisting

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-1653

  • EPSS 0.07%
  • Veröffentlicht 15.03.2025 02:22:42
  • Zuletzt bearbeitet 28.03.2025 13:17:33

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the us...

8.8

CVE-2025-1657

  • EPSS 0.18%
  • Veröffentlicht 15.03.2025 02:22:41
  • Zuletzt bearbeitet 28.03.2025 12:59:00

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and inclu...

8.5

CVE-2025-25151

  • EPSS 0.12%
  • Veröffentlicht 07.02.2025 10:15:20
  • Zuletzt bearbeitet 07.02.2025 10:15:20

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6.

5.3

CVE-2024-47344

  • EPSS 0.42%
  • Veröffentlicht 07.10.2024 06:15:04
  • Zuletzt bearbeitet 07.10.2024 17:47:48

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5.

9.8

CVE-2021-4381

Exploit
  • EPSS 0.35%
  • Veröffentlicht 07.06.2023 02:15:15
  • Zuletzt bearbeitet 21.11.2024 06:37:33

The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This...

9.8

CVE-2021-4370

Exploit
  • EPSS 0.35%
  • Veröffentlicht 07.06.2023 02:15:14
  • Zuletzt bearbeitet 21.11.2024 06:37:31

The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6...

5.3

CVE-2021-4357

Exploit
  • EPSS 0.09%
  • Veröffentlicht 07.06.2023 02:15:14
  • Zuletzt bearbeitet 21.11.2024 06:37:29

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible fo...

9.8

CVE-2021-4343

Exploit
  • EPSS 0.57%
  • Veröffentlicht 07.06.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 06:37:27

The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprot...

7.5

CVE-2021-4346

Exploit
  • EPSS 0.42%
  • Veröffentlicht 07.06.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 06:37:28

The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthen...

5.3

CVE-2021-4345

Exploit
  • EPSS 0.13%
  • Veröffentlicht 07.06.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 06:37:28

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attac...