
CVE-2025-1653 – Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-1653
14 Mar 2025 — The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. • https://github.com/realcodeb0ss/CVE-2025-1653-poc • CWE-266: Incorrect Privilege Assignment

CVE-2025-1657 – Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
https://notcve.org/view.php?id=CVE-2025-1657
14 Mar 2025 — The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized. • https://wordpress.org/plugins/ulisting • CWE-862: Missing Authorization