Lucene search
+L

5 matches found

osv
osv
added 2023/06/07 2:15 a.m.3 views

CVE-2021-4345

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

5.3CVSS5.8AI score
Exploits0References3
nvd
nvd
added 2023/06/07 2:15 a.m.16 views

CVE-2021-4345

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

6.5CVSS6.4AI score0.0073EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2023/06/07 1:51 a.m.11 views

CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

6.5CVSS6.1AI score0.0073EPSS
Exploits1References3
cve
cve
added 2023/06/07 1:51 a.m.51 views

CVE-2021-4345

The CVE-2021-4345 entry concerns the WordPress uListing plugin (versions up to and including 1.6.6). The root cause is missing capability and nonce checks in UlistingUserRole::save_role_api, enabling an unauthenticated attacker to remove/add roles and grant capabilities. Impact is an authorizatio...

6.5CVSS5.2AI score0.0073EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2023/06/07 1:51 a.m.23 views

CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

6.5CVSS6.6AI score0.0073EPSS
Exploits1References3
Rows per page
Query Builder