CVE-2021-4381 Information

Jun 08, 2023 cve

Description

The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks and a missing security nonce in the StmListingSingleLayout::import_new_layout method in versions up to and including 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.

Reference

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail= https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/ https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=cve

Share on: