Skip to content
Features
Pricing
Solutions
Status
API Details
CLI Scanner
Vulnerabilities
Themes
WordPress
Plugins
Stats
Submit Vulnerabilities
Leaderboard
Resources
Blog
Enterprise Features
How to Install WPScan
WPScan Glossary
2024 Website Threat Report
Search
WordPress Plugin Vulnerabilities
Show Previous Letters
0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Show Next Letters
Slug
Published
Title
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Arbitrary Account Creation
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Arbitrary Account Change
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated WordPress Options Change
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Information Disclosure
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated SQL Injections
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Arbitrary Post/Page Deletion
Slug
ulisting
Published
2021-07-26
Title
uListing < 2.0.4 - Unauthenticated SQL Injection
Slug
ulisting
Published
2021-07-27
Title
uListing < 2.0.6 - Settings Update via CSRF
Slug
ulisting
Published
2021-07-27
Title
uListing < 2.0.6 - Authenticated IDOR
Slug
ulisting
Published
2021-07-27
Title
uListing < 2.0.6 - Reflected Cross-Site Scripting
Slug
ulisting
Published
2021-07-27
Title
uListing < 2.0.6 - Multiple CSRF
Slug
ulisting
Published
2021-07-27
Title
uListing < 2.0.6 - Modify User Roles via CSRF
Slug
ulisting
Published
2021-07-27
Title
uListing < 2.0.6 - Unauthenticated Privilege Escalation
Slug
ulisting
Published
2021-09-06
Title
uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF
Slug
ulisting
Published
2021-01-28
Title
uListing < 1.7 - Missing Access Controls
Slug
ulisting
Published
2024-09-27
Title
uListing < 2.1.6 - Unauthenticated Information Exposure
Slug
ulisting
Published
2025-02-03
Title
uListing < 2.1.7 - Unauthenticated SQL Injection
Slug
ulisting
Published
2025-02-03
Title
uListing < 2.1.7 - Authenticated (Contributor+) SQL Injection
Slug
ulisting
Published
2025-03-14
Title
Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
Slug
ulisting
Published
2025-03-14
Title
uListing <= 2.1.7 - Subscriber+ Privilege Escalation
Slug
ulisting
Published
2025-04-04
Title
uListing <= 2.2.0 - Admin+ SQL Injection
Slug
ulisting
Published
2025-04-15
Title
uListing <= 2.2.0 - Authenticated (Subscriber+) PHP Object Injection
Slug
ulp-duplicate-post-sql-timebased
Published
2025-02-20
Title
Indeed Ultimate Learning Pro < 3.9.1 - Authenticated (Administrator+) SQL Injection via post_id Parameter
Slug
ultimate-410
Published
2024-04-22
Title
Ultimate 410 Gone Status Code < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Previous
1
2
3
4
5
Next
Subscribe
Subscribed
WPScan
Join 30,880 other subscribers
Sign me up
Already have a WordPress.com account?
Log in now.
WPScan
Subscribe
Subscribed
Sign up
Log in
Report this content
View site in Reader
Manage subscriptions
Collapse this bar
WPScan 