CVE-2021-4381
CVE-2021-4381 affects the WordPress uListing plugin (versions up to and including 1.6.6). The root cause is missing capability checks and a missing security nonce in StmListingSingleLayout::import_new_layout, enabling unauthenticated attackers to bypass authorization and modify WordPress options ...