Update the WordPress uListing plugin to the latest available version (at least 2.0.6)
Vlad Vector discovered and reported this Insecure Direct Object References (IDOR) vulnerability in WordPress uListing Plugin. An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization, authentication, access sensitive files/folders or interact with the database. This vulnerability has been fixed in version 2.0.6.
Authenticated Reflected CrossSite Scripting (XSS) vulnerability
27.07.2021
Multiple CrossSite Request Forgery (CSRF) vulnerabilities
27.07.2021
Modify User Roles via CrossSite Request Forgery (CSRF) vulnerability
27.07.2021
Settings Update via CrossSite Request Forgery (CSRF) vulnerability
27.07.2021
Unauthenticated Privilege Escalation vulnerability
27.07.2021