Vulnerabilities
Vulnerable Software
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-03-15
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-03-15
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
CVSS Score
7.1
EPSS Score
0.006
Published
2021-09-27
Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-09-27
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-09-27
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-09-27
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-27
Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.
CVSS Score
8.6
EPSS Score
0.04
Published
2021-09-27
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-09-27

