Unknown Ultimate Classified Listings vulnerabilities
3 known vulnerabilities affecting unknown/ultimate_classified_listings.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-6529HIGHCVSS 7.1fixed in 1.42024-08-01
CVE-2024-6529 [HIGH] CWE-79 CVE-2024-6529: The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a paramete
The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
cvelistv5nvd
CVE-2024-5882HIGHCVSS 7.5fixed in 1.32024-07-29
CVE-2024-5882 [HIGH] CWE-22 CVE-2024-5882: The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `l
The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page
cvelistv5nvd
CVE-2024-5883MEDIUMCVSS 4.7fixed in 1.32024-07-29
CVE-2024-5883 [MEDIUM] CWE-79 CVE-2024-5883: The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a paramete
The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
cvelistv5nvd