Update the WordPress uListing plugin to the latest available version (at least 2.0.6).
Vlad Vector discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress uListing Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.0.6.
Authenticated Insecure Direct Object References (IDOR) vulnerability
27.07.2021
Multiple CrossSite Request Forgery (CSRF) vulnerabilities
27.07.2021
Modify User Roles via CrossSite Request Forgery (CSRF) vulnerability
27.07.2021
Settings Update via CrossSite Request Forgery (CSRF) vulnerability
27.07.2021
Unauthenticated Privilege Escalation vulnerability
27.07.2021