CVE-2021-4340 – uListing <= 1.6.6 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-4340
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
• https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities
• https://www.wordfence.com/threat-intel/vulnerabilities/id/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-36879 – WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-36879
Unauthenticated Privilege Escalation vulnerability in the WordPress uListing plugin (versions <= 2.0.5). Exploitation is possible if the WordPress configuration allows user registration.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-unauthenticated-privilege-escalation-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-269: Improper Privilege Management
CVE-2021-36878 – WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36878
Cross-Site Request Forgery (CSRF) vulnerability in the WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. The uListing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-settings-update-via-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36877 – WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36877
Cross-Site Request Forgery (CSRF) vulnerability in the WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-modify-user-roles-via-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36876 – WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-36876
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities exist in the WordPress uListing plugin (versions <= 2.0.5) because it lacks CSRF checks on plugin administration pages.
• https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-multiple-cross-site-request-forgery-csrf-vulnerabilities
• https://wordpress.org/plugins/ulisting/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)