CVE-2021-4381
- Reference to the description:
- Description:
- The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.
- Last updated date:
- 06/14/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/14/2023
- Reference url to background
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/