Vulnerabilities for 'Ulisting'

2021-09-27
 
CVE-2021-36874

CWE-639
 

 
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).

 
 
CVE-2021-36875

CWE-79
 

 
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date].

 
 
CVE-2021-36876

CWE-352
 

 
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.

 
 
CVE-2021-36877

CWE-352
 

 
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.

 
 
CVE-2021-36879

CWE-269
 

 
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

 
 
CVE-2021-36880

CWE-89
 

 
Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.

 
 
CVE-2021-36878

CWE-352
 

 
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.

 

Vendor: Stylemixthemes (3 products)
Motors - car dealer, classifieds & listing
Ulisting
Masterstudy lms


Copyright 2024, cxsecurity.com

 
