Stylemix Directory Listings Wordpress Plugin – Ulisting

12 CVEs affecting Stylemix Directory Listings Wordpress Plugin – Ulisting. Latest disclosed: 2025-03-15. Critical: 7, High: 3.

Top CVEs affecting Stylemix Directory Listings Wordpress Plugin – Ulisting
CVESeverityScorePublishedSummary
CVE-2021-4381Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the Stm…
CVE-2021-4370Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security no…
CVE-2021-4346Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing lo…
CVE-2021-4343Critical9.82023-06-07The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is du…
CVE-2021-4341Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing secu…
CVE-2021-4340Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insuffic…
CVE-2021-4357Critical9.12023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole…
CVE-2025-1657High8.82025-03-15The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a mi…
CVE-2025-1653High8.82025-03-15The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This…
CVE-2021-4339High7.52023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/a…
CVE-2021-4345Medium6.52023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api metho…
CVE-2021-36875Medium5.92021-09-27Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings…