CVE-2021-36878 – WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in the WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. The uListing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-settings-update-via-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36877 – WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in the WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-modify-user-roles-via-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36876 – WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-36876
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the WordPress uListing plugin (versions <= 2.0.5), which lacks CSRF checks on plugin administration pages.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-multiple-cross-site-request-forgery-csrf-vulnerabilities
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36875 – WordPress uListing plugin <= 2.0.5 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36875
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date].
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-authenticated-reflected-cross-site-scripting-xss-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36874 – WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2021-36874
Authenticated Insecure Direct Object References (IDOR) vulnerability in the WordPress uListing plugin (versions <= 2.0.5).
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-authenticated-insecure-direct-object-references-idor-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-639: Authorization Bypass Through User-Controlled Key