
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing. This issue affects uListing: from n/a through 2.1.5. The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.5 via the /pricing-plan/payment endpoint. This makes it possible for unauthenticated attackers to render the pricing plan payment page.

• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-1-5-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities
• https://www.wordfence.com/threat-intel/vulnerabilities/id/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-unauthenticated-privilege-escalation-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-269: Improper Privilege Management

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. The Cross-Site Request Forgery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-settings-update-via-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.

• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-modify-user-roles-via-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)