Stylemixthemes Ulisting (Wordpress Plugin)
6 CVEs affecting Stylemixthemes Ulisting (Wordpress Plugin). Latest disclosed: 2021-09-27. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-36879 | Critical | 9.8 | 2021-09-27 | Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registrati… |
CVE-2021-36880 | High | 8.6 | 2021-09-27 | Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. |
CVE-2021-36874 | High | 7.1 | 2021-09-27 | Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). |
CVE-2021-36876 | Medium | 5.4 | 2021-09-27 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pa… |
CVE-2021-36877 | Medium | 4.3 | 2021-09-27 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. |
CVE-2021-36878 | Medium | 4.3 | 2021-09-27 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. |