ulisting_(wordpress_plugin)

2.0.3

SEMANTIC 1 CVE

<= 2.0.5

OTHER 6 CVEs

2.0.5

SEMANTIC 6 CVEs

<= 2.0.3

OTHER 1 CVE

CVE-2021-36875

Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5.

MEDIUM Sep 27, 2021

CVE-2021-36880

Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.

HIGH Sep 27, 2021

CVE-2021-36874

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).

HIGH Sep 27, 2021

CVE-2021-36877

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.

MEDIUM Sep 27, 2021

CVE-2021-36876

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.

MEDIUM Sep 27, 2021

CVE-2021-36879

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

CRITICAL Sep 27, 2021

CVE-2021-36878

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.

MEDIUM Sep 27, 2021