Stylemixthemes Ulisting

18 CVEs affecting Stylemixthemes Ulisting. Latest disclosed: 2025-03-15. Critical: 8, High: 5.

Top CVEs affecting Stylemixthemes Ulisting
CVESeverityScorePublishedSummary
CVE-2021-4381Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the Stm…
CVE-2021-4370Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security no…
CVE-2021-4346Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing lo…
CVE-2021-4343Critical9.82023-06-07The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is du…
CVE-2021-4341Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing secu…
CVE-2021-4340Critical9.82023-06-07The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insuffic…
CVE-2021-36879Critical9.82021-09-27Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registrati…
CVE-2021-4357Critical9.12023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole…
CVE-2025-1657High8.82025-03-15The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a mi…
CVE-2025-1653High8.82025-03-15The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This…
CVE-2021-36880High8.62021-09-27Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.
CVE-2021-4339High7.52023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/a…
CVE-2021-36874High7.12021-09-27Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
CVE-2021-4345Medium6.52023-06-07The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api metho…
CVE-2021-36875Medium5.92021-09-27Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings…
CVE-2021-36876Medium5.42021-09-27Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pa…
CVE-2021-36877Medium4.32021-09-27Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.
CVE-2021-36878Medium4.32021-09-27Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.