WordPress Plugin Vulnerabilities | Page 3 | WPScan

0-9
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z

Slug

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated Arbitrary Account Change

Slug

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated WordPress Options Change

Slug

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated Information Disclosure

Slug

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion

Slug

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated SQL Injections

Slug

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated Arbitrary Post/Page Deletion

Slug

Published

2021-07-26

Title

uListing < 2.0.4 - Unauthenticated SQL Injection

Slug

Published

2021-07-27

Title

uListing < 2.0.6 - Settings Update via CSRF

Slug

Published

2021-07-27

Title

uListing < 2.0.6 - Authenticated IDOR

Slug

Published

2021-07-27

Title

uListing < 2.0.6 - Reflected Cross-Site Scripting

Slug

Published

2021-07-27

Title

uListing < 2.0.6 - Multiple CSRF

Slug

Published

2021-07-27

Title

uListing < 2.0.6 - Modify User Roles via CSRF

Slug

Published

2021-07-27

Title

uListing < 2.0.6 - Unauthenticated Privilege Escalation

Slug

Published

2021-09-06

Title

uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF

Slug

Published

2021-01-28

Title

uListing < 1.7 - Missing Access Controls

Slug

Published

2024-09-27

Title

uListing < 2.1.6 - Unauthenticated Information Exposure

Slug

Published

2025-02-03

Title

uListing < 2.1.7 - Unauthenticated SQL Injection

Slug

Published

2025-02-03

Title

uListing < 2.1.7 - Authenticated (Contributor+) SQL Injection

Slug

Published

2025-03-14

Title

Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection

Slug

Published

2025-03-14

Title

uListing <= 2.1.7 - Subscriber+ Privilege Escalation

Slug

Published

2025-04-04

Title

uListing <= 2.2.0 - Admin+ SQL Injection

Slug

Published

2025-04-15

Title

uListing <= 2.2.0 - Authenticated (Subscriber+) PHP Object Injection

Slug

ulp-duplicate-post-sql-timebased

Published

2025-02-20

Title

Indeed Ultimate Learning Pro < 3.9.1 - Authenticated (Administrator+) SQL Injection via post_id Parameter

Slug

Published

2024-04-22

Title

Ultimate 410 Gone Status Code < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Slug

ultimate-accordion

Published

2024-11-08

Title

Ultimate Accordion <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Previous
1
2
3
4
5
Next