CVE-2021-36875

Name of the Vulnerable Software and Affected Versions WordPress uListing plugin versions <= 2.0.5

Description The issue is related to an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability. Vulnerable parameters include filter[id], filter[user], filter[expired date], filter[created date], and filter[updated date].

Recommendations For WordPress uListing plugin versions <= 2.0.5, update to a version greater than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the parameters filter[id], filter[user], filter[expired date], filter[created date], and filter[updated date] to minimize the risk of exploitation.