Stylemix Directory Listings Wordpress Plugin – Ulisting
12 CVEs affecting Stylemix Directory Listings Wordpress Plugin – Ulisting. Latest disclosed: 2025-03-15. Critical: 7, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-4381 | Critical | 9.8 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the Stm… |
CVE-2021-4370 | Critical | 9.8 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security no… |
CVE-2021-4346 | Critical | 9.8 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing lo… |
CVE-2021-4343 | Critical | 9.8 | 2023-06-07 | The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is du… |
CVE-2021-4341 | Critical | 9.8 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing secu… |
CVE-2021-4340 | Critical | 9.8 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insuffic… |
CVE-2021-4357 | Critical | 9.1 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole… |
CVE-2025-1657 | High | 8.8 | 2025-03-15 | The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a mi… |
CVE-2025-1653 | High | 8.8 | 2025-03-15 | The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This… |
CVE-2021-4339 | High | 7.5 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/a… |
CVE-2021-4345 | Medium | 6.5 | 2023-06-07 | The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api metho… |
CVE-2021-36875 | Medium | 5.9 | 2021-09-27 | Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings… |