Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stylemixthemes ulisting vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-4339
The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unau...
Stylemixthemes Ulisting
7.5
CVSSv3
CVE-2021-4340
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
Stylemixthemes Ulisting
7.5
CVSSv3
CVE-2021-4346
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated malicious users to edi...
Stylemixthemes Ulisting
9.8
CVSSv3
CVE-2021-4370
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for...
Stylemixthemes Ulisting
9.8
CVSSv3
CVE-2021-4381
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthe...
Stylemixthemes Ulisting
9.8
CVSSv3
CVE-2021-4341
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for u...
Stylemixthemes Ulisting
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2