WordPress Plugin Vulnerabilities

uListing < 1.7 - Unauthenticated WordPress Options Change

Description

The AJAX action stm_update_email_data() accessible to both authenticated and unauthenticated users, as well as the /1/api/ulisting-builder/listing-single-layout/new-layout REST route did not perform capability and CSRF checks, allowing unauthenticated users to change any WordPress option.

Affects Plugins

Plugin icon
ulisting
Fixed in 1.7

References

CVE
CVE-2021-4370
CVE
CVE-2021-4341
URL
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
Yes
WPVDB ID
4e92a695-c3c1-4cc2-86d2-17e689ea9fca

Timeline

Publicly Published
2021-01-28 (about 3 years ago)
Added
2021-01-28 (about 3 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2022-01-03
Title
TrustMate.io integration for WooCommerce < 1.8.12 - Subscriber+ Arbitrary Plugin's Settings Update
Published
2021-02-10
Title
Map Block for Google Maps < 1.32 - Unauthorised Google API Key change
Published
2022-06-27
Title
miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting
Published
2023-12-14
Title
WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS
Published
2021-11-01
Title
Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure