cleantalk
Vulnerabilities and Security Researches

Directory Listings WordPress plugin – uListing, CVE-2026-28078

CVE, Research URL

CVE-2026-28078

Home page URL

Security reports for Directory Listings WordPress plugin – uListing

Application

Directory Listings WordPress plugin – uListing

Published on
Mar 05, 2026
Research Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through <= 2.2.0.
Affected versions
max 2.2.0.
Status
vulnerable
Previous vulnerability researches
Tainacan Interface (CVE-2024-3867) , Jun 10, 2024
New vulnerability
Featured Image from Content (CVE-2026-27759) , Mar 30, 2026
Mollie Payments for WooCommerce (CVE-2025-68501) , Mar 30, 2026
SMTP &#8211; 100% Free &amp; Open Source SMTP plugin for WordPress &#8211; Bit SMTP (CVE-2026-32519) , Mar 30, 2026
Responsive Starter Templates &#8211; Elementor &amp; WordPress Templates (CVE-2025-15488) , Mar 30, 2026
Shopping Cart &amp; eCommerce Store (CVE-2026-32422) , Mar 30, 2026