Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for malicious users to modify user roles.
stylemixthemes ulisting