SQL Injection Vulnerability in Stylemix uListing Plugin
CVE-2025-25150

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Ulisting
Vendor: CVE Published:; 3 March 2025

Summary

The Stylemix uListing plugin is susceptible to a Blind SQL Injection vulnerability that arises due to improper handling of special elements used in SQL commands. This vulnerability can be exploited by attackers to manipulate database queries, potentially leading to unauthorized access to sensitive information. It is crucial for users of uListing, especially those running versions from n/a through 2.1.6, to apply available security patches and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

uListing <= 2.1.6

References

https://patchstack.com/database/wordpress/plugin/ulisting...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

Phat RiO - BlueRock (Patchstack Alliance)