cleantalk
Vulnerabilities and Security Researches

Directory Listings WordPress plugin – uListing, CVE-2021-4341

CVE, Research URL

CVE-2021-4341

Home page URL

Security reports for Directory Listings WordPress plugin – uListing

Application

Directory Listings WordPress plugin – uListing

Published on
Jun 07, 2023
Research Description
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.
Affected versions
max 1.7.
Status
vulnerable
Previous vulnerability researches
Directory Listings WordPress plugin – uListing (CVE-2021-36875) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36877) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36880) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36874) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36876) , Jun 07, 2024
New vulnerability
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025
Advanced Settings (CVE-2025-58996) , Oct 12, 2025
FancyTabs (CVE-2025-8560) , Oct 12, 2025