The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.
References
Configurations
History
13 Jun 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/ - Exploit | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/1814537d-8307-4d1f-86c8-801519172be5?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:stylemixthemes:ulisting:*:*:*:*:*:wordpress:*:* | |
First Time |
Stylemixthemes
Stylemixthemes ulisting |
|
CWE | CWE-862 |
07 Jun 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-02-28 20:13
NVD link : CVE-2021-4341
Mitre link : CVE-2021-4341
CVE.ORG link : CVE-2021-4341
JSON object : View
Products Affected
stylemixthemes
- ulisting
CWE
CWE-862
Missing Authorization