Vulnerabilities > Stylemixthemes > Ulisting > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2021-4339 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. | 5.3 |
| 2023-06-07 | CVE-2021-4345 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. | 5.3 |
| 2023-06-07 | CVE-2021-4357 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. | 5.3 |
| 2021-09-27 | CVE-2021-36875 | Cross-site Scripting vulnerability in Stylemixthemes Ulisting Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 4.8 |
| 2021-09-27 | CVE-2021-36877 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | 6.5 |
| 2021-09-27 | CVE-2021-36878 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. | 4.3 |