2 matches found
CVE-2021-4341
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...
CVE-2021-4341
Product: WordPress uListing plugin. Vulnerability: Authorization bypass via Ajax in the stm_update_email_data action due to missing capability checks, missing input validation, and a missing security nonce. Affects versions up to and including 1.6.6. Impact: Unauthenticated attackers can change a...