Vulnerabilities > Stylemixthemes > Ulisting > 1.0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2021-4381 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. | 9.8 |
| 2021-09-27 | CVE-2021-36874 | Authorization Bypass Through User-Controlled Key vulnerability in Stylemixthemes Ulisting Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 8.8 |
| 2021-09-27 | CVE-2021-36875 | Cross-site Scripting vulnerability in Stylemixthemes Ulisting Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 4.8 |
| 2021-09-27 | CVE-2021-36876 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. | 8.8 |
| 2021-09-27 | CVE-2021-36877 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | 6.5 |
| 2021-09-27 | CVE-2021-36879 | Unspecified vulnerability in Stylemixthemes Ulisting Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 9.8 |
| 2021-09-27 | CVE-2021-36880 | SQL Injection vulnerability in Stylemixthemes Ulisting Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom. | 9.8 |
| 2021-09-27 | CVE-2021-36878 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. | 4.3 |