logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

uListing < 1.7 - Unauthenticated WordPress Options Change

Description

The AJAX action stm_update_email_data() accessible to both authenticated and unauthenticated users, as well as the /1/api/ulisting-builder/listing-single-layout/new-layout REST route did not perform capability and CSRF checks, allowing unauthenticated users to change any WordPress option.

Affects Plugins

ulisting

Fixed in version 1.7

References

URL

https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

Jerome Bruandet

Verified

Yes

WPVDB ID

4e92a695-c3c1-4cc2-86d2-17e689ea9fca

Timeline

Publicly Published

2021-01-28 (about 8 months ago)

Added

2021-01-28 (about 8 months ago)

Last Updated

2021-01-29 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin