The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:13.114Z
Updated: 2023-06-07T01:51:13.114Z
Reserved: 2023-06-06T12:29:12.757Z
Link: CVE-2021-4341
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:13.127
Modified: 2023-11-07T03:40:44.407
Link: CVE-2021-4341
JSON object: View
Redhat Information
No data.
CWE