CVE-2025-1657

by Fred · 15/03/2025

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized.

Assigner : cve-request@wordfence.com

More information : https://wordpress.org/plugins/ulisting/

CVE-2025-1657

Similar

Recent Posts

Categories

CVE-2025-1657

Share this:

Similar

Recent Posts

Categories

Tags