The uListing plugin for WordPress is vulnerable to security issues. If you have version 1.6.6 or earlier of the plugin installed on your website, attackers can bypass the authorization checks and delete posts and pages without being authenticated. This is due to the missing capability checks and security nonce on the UlistingUserRole::save_role_api function.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
