WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Directory Listings WordPress plugin – uListing

2021-09-06
uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF
Fixed in version 2.0.9
2021-07-27
uListing < 2.0.6 - Authenticated IDOR
Fixed in version 2.0.6
2021-07-27
uListing < 2.0.6 - Reflected Cross-Site Scripting
Fixed in version 2.0.6
2021-07-27
uListing < 2.0.6 - Multiple CSRF
Fixed in version 2.0.6
2021-07-27
uListing < 2.0.6 - Modify User Roles via CSRF
Fixed in version 2.0.6
2021-07-27
uListing < 2.0.6 - Settings Update via CSRF
Fixed in version 2.0.6
2021-07-27
uListing < 2.0.6 - Unauthenticated Privilege Escalation
Fixed in version 2.0.6
2021-07-26
uListing < 2.0.4 - Unauthenticated SQL Injection
Fixed in version 2.0.4
2021-01-28
uListing < 1.7 - Unauthenticated Arbitrary Account Creation
Fixed in version 1.7
2021-01-28
uListing < 1.7 - Unauthenticated Arbitrary Account Change
Fixed in version 1.7
2021-01-28
uListing < 1.7 - Unauthenticated WordPress Options Change
Fixed in version 1.7
2021-01-28
uListing < 1.7 - Unauthenticated Information Disclosure
Fixed in version 1.7
2021-01-28
uListing < 1.7 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
Fixed in version 1.7
2021-01-28
uListing < 1.7 - Unauthenticated SQL Injections
Fixed in version 1.7
2021-01-28
uListing < 1.7 - Unauthenticated Arbitrary Post/Page Deletion
Fixed in version 1.7