Webcodingplace

webcodingplace

7 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Ultimate Classified Listings

ultimate_classified_listings

Real Estate Manager

real_estate_manager

Product Expiry For Woocommerce

product_expiry_for_woocommerce

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13753 1Webcodingplace 1Ultimate Classified Listings Apr 8, 2026 Feb 20, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile func...Show more The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link.Show less
CVE-2024-13748 1Webcodingplace 1Ultimate Classified Listings Feb 25, 2025 Feb 20, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escap...Show more The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2024-6529 1Webcodingplace 1Ultimate Classified Listings Apr 10, 2025 Aug 1, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pr...Show more The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5883 1Webcodingplace 1Ultimate Classified Listings Apr 10, 2025 Jul 29, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pr...Show more The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2024-5882 1Webcodingplace 1Ultimate Classified Listings Apr 10, 2025 Jul 29, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page
CVE-2024-0201 1Webcodingplace 1Product Expiry For Woocommerce Apr 8, 2026 Jan 3, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This mak...Show more The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. CVE-2023-52179 appears to be a duplicate of this issue.Show less
CVE-2023-4239 1Webcodingplace 1Real Estate Manager Apr 8, 2026 Aug 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible fo...Show more The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.Show less