Stylemixthemes Ulisting — known CVE vulnerabilities
Every CVE whose affected-product data names Stylemixthemes Ulisting, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-4341 — CVSS 9.8 (critical): The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input…
CVE-2021-4381 — CVSS 9.8 (critical): The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing…
CVE-2021-4370 — CVSS 9.8 (critical): The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated…
CVE-2021-4340 — CVSS 9.8 (critical): The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and…
CVE-2021-4346 — CVSS 9.8 (critical): The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This…
CVE-2021-36879 — CVSS 9.8 (critical): Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration…
CVE-2021-4343 — CVSS 9.8 (critical): The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and…
CVE-2021-4357 — CVSS 9.1 (critical): The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on…
CVE-2025-1657 — CVSS 8.8 (high): The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object…
CVE-2025-1653 — CVSS 8.8 (high): The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and…
CVE-2021-4339 — CVSS 7.5 (high): The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.ph…
CVE-2021-36874 — CVSS 7.1 (high): Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
CVE-2021-4345 — CVSS 6.5 (medium): The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the…
CVE-2021-36876 — CVSS 5.4 (medium): Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on…
CVE-2021-36878 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update…
CVE-2021-36877 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify…