Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

uListing

Source -

CNA

CNA CVEs -

7

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2026-28078
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:54
Updated-28 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.2.0 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through <= 2.2.0.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-28138
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.2||HIGH
EPSS-0.07% / 20.53%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 08:33
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-32662
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.43% / 63.00%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-12 May, 2026 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-32122
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.50% / 66.43%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.2.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection.This issue affects uListing: from n/a through <= 2.2.0.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-25150
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.08% / 23.80%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection.This issue affects uListing: from n/a through <= 2.1.6.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-25151
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.05% / 16.53%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 10:11
Updated-11 May, 2026 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing Plugin <= 2.1.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows SQL Injection.This issue affects uListing: from n/a through <= 2.1.6.

Action-Not Available
Vendor-Stylemix
Product-uListing
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-47344
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 67.30%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 05:34
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Stylemix uListing ulisting.This issue affects uListing: from n/a through <= 2.1.5.

Action-Not Available
Vendor-Stylemixstylemixthemes
Product-uListingulisting
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor