← Back

Ultimate Classified Listings

ultimate_classified_listings

Vendor: Webcodingplace • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-13753
1Webcodingplace
1Ultimate Classified Listings
Apr 8, 2026
Feb 20, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile func...Show more
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link.Show less
CVE-2024-13748
1Webcodingplace
1Ultimate Classified Listings
Feb 25, 2025
Feb 20, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escap...Show more
The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2024-6529
1Webcodingplace
1Ultimate Classified Listings
Apr 10, 2025
Aug 1, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pr...Show more
The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5883
1Webcodingplace
1Ultimate Classified Listings
Apr 10, 2025
Jul 29, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pr...Show more
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5882
1Webcodingplace
1Ultimate Classified Listings
Apr 10, 2025
Jul 29, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page