Medium 4.9 Unfixed
2026-03-05≤ 2.2.0
CVE-2026-28078
Directory Listings WordPress plugin – uListing
Minimum safe version
2.1.7
Update to 2.1.7 or later to address 42 fixable vulnerabilities
Latest available2.2.0 ✓⚠ 6 vulnerabilities have no fix
High 7.2 Unfixed
2026-02-26≤ 2.2.0
CVE-2026-28138
High 8.8 Unfixed
2025-04-17≤ 2.2.0
WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability
High 7.6 Unfixed
2025-04-04≤ 2.2.0
WordPress uListing plugin <= 2.2.0 - SQL Injection vulnerability
High 8.8 Unfixed
2025-03-15≤ 2.2.0
Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation
High 8.8 Unfixed
2025-03-15≤ 2.2.0
Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
Critical 9.3
2025-03-03< 2.1.7
CVE-2025-25150
High 8.5
2025-02-07< 2.1.7
CVE-2025-25151
Medium 5.3
2024-10-07< 2.1.6
CVE-2024-47344
Critical 9.8
2023-06-07< 1.7
CVE-2021-4381
Critical 9.8
2023-06-07< 1.7
CVE-2021-4370
High 7.5
2023-06-07< 1.7
CVE-2021-4340
Critical 9.8
2023-06-07< 1.7
CVE-2021-4343
Medium 5.3
2023-06-07< 1.7
CVE-2021-4345
Medium 5.3
2023-06-07< 1.7
CVE-2021-4357
Critical 9.8
2023-06-07< 1.7
CVE-2021-4341
Medium 5.3
2023-06-07< 1.7
CVE-2021-4339
High 7.5
2023-06-07< 1.7
CVE-2021-4346
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Missing Authorization
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX
N/A
2021-01-28< 1.7
uListing <= 1.6.6 - Unauthenticated Information Disclosure
N/A
2021-09-06< 2.0.9
Listing, Classified Ads & Business Directory – uListing <= 2.0.8 - Cross-Site Request Forgery
N/A
2021-10-28< 1.7
uListing <= 1.6.6 - Unauthenticated SQL Injection
N/A
< 1.7
wpscan.com
N/A
< 1.7
uListing < 1.7 - Unauthenticated SQL Injections
N/A
< 1.7
uListing < 1.7 - Unauthenticated Information Disclosure
N/A
< 1.7
uListing < 1.7 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
N/A
< 1.7
uListing < 1.7 - Unauthenticated Arbitrary Post/Page Deletion
N/A
< 1.7
uListing < 1.7 - Unauthenticated Arbitrary Account Creation
N/A
< 1.7
uListing < 1.7 - Unauthenticated Arbitrary Account Change
N/A
< 2.0.9
uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF
N/A
2021-01-28< 1.7
WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Account Creation/Change vulnerability
N/A
2021-01-28< 1.7
WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion vulnerability
N/A
2021-01-28< 1.7
WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion vulnerability
N/A
2021-01-28< 1.7
WordPress uListing plugin <= 1.6.6 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
N/A
2021-01-28< 1.7
WordPress uListing plugin <= 1.6.6 - Unauthenticated Information Disclosure vulnerability
High 8.6
2021-09-27< 2.0.4
CVE-2021-36880
Critical 9.8
2021-09-27< 2.0.6
CVE-2021-36879
Medium 4.3
2021-09-27< 2.0.6
CVE-2021-36878
Medium 4.3
2021-09-27< 2.0.6
CVE-2021-36877
Medium 5.4
2021-09-27< 2.0.6
CVE-2021-36876
Medium 5.9
2021-09-27< 2.0.6
CVE-2021-36875
High 7.1
2021-09-27< 2.0.6
CVE-2021-36874