2 matches found
uListing < 2.0.6 - Multiple CSRF
The plugin lacks proper CSRF checks on multiple protected actions within wp-admin pages, leaving them vulnerable to CSRF attacks. PoC | CSRF | Add/Edit Pricing Plans: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: agent or admin cookies User-Agent: Mozilla/5.0 Content-Type:...
Dropbox: Coupon codes indexed by Google
A security researcher was able to use Google dorking to find explicit information regarding coupons that allowed escalating pricing plans...