Vulnerabilities for Ulisting (...) - CXSECURITY.COM

Vulnerabilities for 'Ulisting'

2021-09-27

CVE-2021-36874

CWE-639

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).

CVE-2021-36875

CWE-79

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date].

CVE-2021-36876

CWE-352

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.

CVE-2021-36877

CWE-352

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.

CVE-2021-36879

CWE-269

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

CVE-2021-36880

CWE-89

Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.

CVE-2021-36878

CWE-352

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.

>>> Vendor: Stylemixthemes 3 Products

Motors - car dealer\, classifieds \& listing

Masterstudy lms

Copyright 2024, cxsecurity.com