5 matches found
CVE-2021-4345
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...
CVE-2021-4345
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...
CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...
CVE-2021-4345
The CVE-2021-4345 entry concerns the WordPress uListing plugin (versions up to and including 1.6.6). The root cause is missing capability and nonce checks in UlistingUserRole::save_role_api, enabling an unauthenticated attacker to remove/add roles and grant capabilities. Impact is an authorizatio...
CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...