WordPress Plugin Vulnerabilities

uListing < 1.7 - Unauthenticated Arbitrary Account Change

Description

The AJAX action stm_listing_profile_edit() accessible to both authenticated and unauthenticated users did not perform capability and CSRF checks, and did not ensure that the edited account belonged to the user making the request. This allows unauthenticated users to update arbitrary accounts, such as changing their email addresses or profile picture

Affects Plugins

Plugin icon
ulisting
Fixed in 1.7

References

CVE
CVE-2021-4346
URL
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
Yes
WPVDB ID
eb9fdc26-e382-46cc-966e-407ad93dc360

Timeline

Publicly Published
2021-01-28 (about 3 years ago)
Added
2021-01-28 (about 3 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2022-01-19
Title
WP HTML Mail < 3.1 - Unprotected REST-API Endpoint
Published
2024-03-19
Title
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
Published
2021-12-28
Title
LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion
Published
2024-04-17
Title
LoginPress Pro <= 2.5.3 - Captcha Bypass
Published
2024-02-21
Title
Maintenance Page < 1.0.9 - Missing Authorization to Sensitive Information Exposure