The uListing plugin for WordPress is not secure in versions up to 1.6.6 and can be exploited. It is possible for people who are not logged in or authorized to the website to change any account information, like the email address associated with the admin account. This is because login checks are not in place on the stm_listing_profile_edit AJAX action.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
