CVE-2025-9874
- EPSS 0.12%
- Published 11.09.2025 07:24:55
- Last modified 11.09.2025 17:14:10
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwp_dashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-0763
- EPSS 0.04%
- Published 11.09.2025 07:24:50
- Last modified 11.09.2025 17:14:10
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_custom_fields function in all versions up to, and including, 1.6. This makes it possible for authen...
CVE-2024-13748
- EPSS 0.11%
- Published 20.02.2025 10:15:10
- Last modified 25.02.2025 20:54:55
The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible fo...
CVE-2024-13753
- EPSS 0.04%
- Published 20.02.2025 10:15:10
- Last modified 25.02.2025 20:55:58
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible f...
CVE-2024-52487
- EPSS 0.08%
- Published 02.12.2024 14:15:10
- Last modified 02.12.2024 14:15:10
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS. This issue affects Ultimate Classified Listings: from n/a through 1.4.
CVE-2024-52448
- EPSS 0.26%
- Published 20.11.2024 12:15:21
- Last modified 21.11.2024 13:57:24
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebCodingPlace Ultimate Classified Listings allows PHP Local File Inclusion. This issue affects Ultimate Classified Listings: from n/a through 1.4.
CVE-2024-6529
- EPSS 45.87%
- Published 01.08.2024 06:15:02
- Last modified 10.04.2025 13:49:49
The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-5882
- EPSS 1.74%
- Published 29.07.2024 06:15:02
- Last modified 10.04.2025 13:52:09
The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters, allowing unauthenticated users to access PHP files on the server from the listings page.
CVE-2024-5883
- EPSS 0.17%
- Published 29.07.2024 06:15:02
- Last modified 10.04.2025 13:50:08
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.