The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:17.924Z
Updated: 2023-06-07T01:51:17.924Z
Reserved: 2023-06-06T12:34:37.438Z
Link: CVE-2021-4345
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:13.377
Modified: 2023-11-07T03:40:44.877
Link: CVE-2021-4345
JSON object: View
Redhat Information
No data.
CWE