WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

uListing < 1.7 - Unauthenticated WordPress Options Change

Description

The AJAX action stm_update_email_data() accessible to both authenticated and unauthenticated users, as well as the /1/api/ulisting-builder/listing-single-layout/new-layout REST route did not perform capability and CSRF checks, allowing unauthenticated users to change any WordPress option.

Affects Plugins

ulisting
Fixed in version 1.7

References

URL
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Jerome Bruandet

Verified

Yes

WPVDB ID
4e92a695-c3c1-4cc2-86d2-17e689ea9fca

Timeline

Publicly Published

2021-01-28 (about 2 years ago)

Added

2021-01-28 (about 2 years ago)

Last Updated

2021-01-29 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin