CVE-2021-4341

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVE-2021-4346

The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stmlistingprofileedit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog,...

CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVE-2021-4339 uListing <= 1.6.6 - Unauthenticated Information Disclosure

The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to...