WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

uListing < 1.7 - Unauthenticated SQL Injections

Description

The /1/api/ulisting-page-statistics/listing REST route did not sanitise or escape the listing_id and user_id GET parameters before using them in a SQL statement, leading to an SQL Injection issue.

The plugin also did not sanitise and escape the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR which are then used in a SQL statement. As these can be spoofed/forged, unauthenticated users could perform SQL Injection

Affects Plugins

ulisting
Fixed in version 1.7

References

URL
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Jerome Bruandet

Verified

Yes

WPVDB ID
e52f7971-d8ef-49eb-8c2b-4b42d97fc9aa

Timeline

Publicly Published

2021-01-28 (about 2 years ago)

Added

2021-01-28 (about 2 years ago)

Last Updated

2021-01-29 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin