5 matches found
CVE-2021-4381
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4381
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4381
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4381 uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route
The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...
CVE-2021-4381
CVE-2021-4381 affects the WordPress uListing plugin (versions up to and including 1.6.6). The root cause is missing capability checks and a missing security nonce in StmListingSingleLayout::import_new_layout, enabling unauthenticated attackers to bypass authorization and modify WordPress options ...