uListing < 1.7 – Unauthenticated Information Disclosure | CVE 2021-4339

Affects Plugins

ulisting

Fixed in 1.7

References

CVE

CVE-2021-4339

URL

https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

7.5 (high)

Miscellaneous

Original Researcher

Jerome Bruandet

Verified

Yes

WPVDB ID

68e509ed-dc3d-4070-8155-a5c02c682337

Timeline

Publicly Published

2021-01-28 (about 3 years ago)

Added

2021-01-28 (about 3 years ago)

Last Updated

2023-06-08 (about 11 months ago)

Other

Published

Title

Published

2023-11-30

Title

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Published

2023-11-07

Title

Cloud Templates & Patterns collection < 1.2.3 - Sensitive Information Exposure via Log File

Published

2024-04-22

Title

VikRentCar Car Rental Management System < 1.3.3 - Information Exposure

Published

2024-04-22

Title

USPS Shipping for WooCommerce – Live Rates < 1.10.0 - Sensitive Information Exposure

Published

2024-02-20

Title

Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure