Page 6 of 41 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin uListing de WordPress (versiones anteriores a 2.0.5, incluyéndola) hace posible para atacantes actualizar la configuración The Cross-Site Request Forgery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-settings-update-via-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/ulisting/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin uListing de WordPress (versiones anteriores a 2.0.5 incluyéndola) hace posible a atacantes modificar los roles de usuarios • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-modify-user-roles-via-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/ulisting/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. Múltiples vulnerabilidades de tipo Cross-Site Request Forgery (CSRF) en el plugin uListing de WordPress (versiones anteriores a 2.0.5 incluyéndola) ya que carece de comprobaciones de tipo CSRF en las páginas de administración del plugin • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-multiple-cross-site-request-forgery-csrf-vulnerabilities https://wordpress.org/plugins/ulisting/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date]. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado y Autenticado en el plugin uListing de WordPress (versiones anteriores a 2.0.5 incluyéndola). Parámetros vulnerables: &amp;filter[id], &amp;filter[user], &amp;filter[expired_date], &amp;filter[created_date], &amp;filter[updated_date] • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-authenticated-reflected-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/ulisting/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Una vulnerabilidad de Referencias Directas a Objetos no Seguros (IDOR) en el plugin uListing de WordPress (versiones anteriores a 2.0.5 incluyéndola) • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-authenticated-insecure-direct-object-references-idor-vulnerability https://wordpress.org/plugins/ulisting/#developers • CWE-639: Authorization Bypass Through User-Controlled Key •