Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Directory Listings WordPress plugin – uListing — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in Directory Listings WordPress plugin – uListing, with AI-generated Chinese analysis, references, and POCs.

Vendor: Stylemix

CVE IDTitleCVSSSeverityPublished
CVE-2025-1657 Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection CWE-862 8.8 High2025-03-15
CVE-2025-1653 Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation CWE-266 8.8 High2025-03-15
CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route CWE-862 9.8 Critical2023-06-07
CVE-2021-4370 uListing <= 1.6.6 - Missing Authorization CWE-862 9.8 Critical2023-06-07
CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion CWE-862 9.1 Critical2023-06-07
CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion CWE-862 6.5 Medium2023-06-07
CVE-2021-4346 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes CWE-862 9.8 Critical2023-06-07
CVE-2021-4343 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation CWE-862 9.8 Critical2023-06-07
CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX CWE-862 9.8 Critical2023-06-07
CVE-2021-4340 uListing <= 1.6.6 - Unauthenticated SQL Injection CWE-89 9.8 Critical2023-06-07
CVE-2021-4339 uListing <= 1.6.6 - Unauthenticated Information Disclosure CWE-862 7.5 High2023-06-07
CVE-2021-36875 WordPress uListing plugin <= 2.0.5 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability CWE-79 5.9 Medium2021-09-27

All 12 known CVE vulnerabilities affecting Directory Listings WordPress plugin – uListing with full Chinese analysis, references, and POCs where available.