Page 4 of 17 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-4370 – uListing <= 1.6.6 - Missing Authorization

https://notcve.org/view.php?id=CVE-2021-4370

The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection. • https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c5ada976-03b8-4219-9ae3-9060fb7b9de5?source=cve • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-4381 – uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route

https://notcve.org/view.php?id=CVE-2021-4381

The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. El plugin uListing para WordPress es vulnerable a la omisión de autorización a través de "wp_route" debido a la falta de comprobaciones de capacidad, y la falta de un nonce de seguridad, en el método "StmListingSingleLayout::import_new_layout" en versiones hasta la v1.6.6 inclusive. Esto hace posible que atacantes no autenticados cambien cualquier opción de WordPress en la base de datos. • https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=cve • CWE-862: Missing Authorization •