Ultimate Classified Listings, CVE-2024-5882

CVE, Research URL: CVE-2024-5882
Home page URL: Security reports for Ultimate Classified Listings
Application: Ultimate Classified Listings
Published on: Jul 29, 2024
Research Description: The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page
Affected versions: Min -, max 1.4.
Status: vulnerable