CVE-2025-1657

High CVSS: 8.8

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized.

Vendor

Stylemixthemes

Product

Ulisting

CWE

CWE-862

Yayın Tarihi

2025-03-15 03:15:34

Güncelleme

2025-03-28 12:59:00

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Ulisting HIGH Stylemixthemes 2025

Referanslar

https://wordpress.org/plugins/ulisting/ https://www.wordfence.com/threat-intel/vulnerabilities/id/0e70184f-94b6-4742-b99b-6eec9d28f17c?source=cve

Benzer Kayıtlar

Medium

CVE-2025-14757

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions…

Medium

CVE-2025-3437

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification…

Medium

CVE-2025-2808

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripti…

High

CVE-2025-2807

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installa…

Medium

CVE-2024-13737

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data d…

High

CVE-2025-1653

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all ver…