WordPress Plugin Vulnerabilities

uListing < 1.7 - Unauthenticated SQL Injections

Description

The /1/api/ulisting-page-statistics/listing REST route did not sanitise or escape the listing_id and user_id GET parameters before using them in a SQL statement, leading to an SQL Injection issue.

The plugin also did not sanitise and escape the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR which are then used in a SQL statement. As these can be spoofed/forged, unauthenticated users could perform SQL Injection

Affects Plugins

Plugin icon
ulisting
Fixed in 1.7

References

CVE
CVE-2021-4340
URL
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
Yes
WPVDB ID
e52f7971-d8ef-49eb-8c2b-4b42d97fc9aa

Timeline

Publicly Published
2021-01-28 (about 3 years ago)
Added
2021-01-28 (about 3 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2022-12-02
Title
Plugin Logic < 1.0.8 - Admin+ SQLi
Published
2015-02-03
Title
WordPress <= 1.5.1.2 - XML-RPC SQL Injection
Published
2021-10-07
Title
Wow Forms <= 3.1.3 - Admin+ SQL Injection
Published
2015-03-18
Title
Easy Digital Downloads < 2.3.3 - SQL Injection
Published
2022-11-21
Title
Icegram Express < 5.5.1 - Subscriber+ SQLi