cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-4381,https://securityvulnerability.io/vulnerability/CVE-2021-4381,Authorization Bypass in uListing Plugin for WordPress,"The uListing plugin for WordPress is affected by an authorization bypass vulnerability that arises from inadequate capability checks and the absence of a security nonce in the StmListingSingleLayout::import_new_layout method. This issue enables unauthenticated attackers to manipulate any WordPress option stored in the database, potentially leading to significant security risks for WordPress installations. It is crucial for users of the uListing plugin to update to the latest version to mitigate this vulnerability and protect their sites.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.8,CRITICAL,0.005200000014156103,false,,false,false,false,,false,false,2023-06-07T01:51:54.750Z,0
CVE-2021-4370,https://securityvulnerability.io/vulnerability/CVE-2021-4370,Authorization Bypass Vulnerability in uListing Plugin for WordPress,"The uListing plugin for WordPress contains a vulnerability that allows unauthorized users to bypass access controls, gaining entry to numerous actions and endpoints without proper authentication. Key security measures, such as security nonces and data validation, are either insufficient or absent, creating opportunities for attackers to manipulate the plugin and perform actions typically reserved for authenticated users. This issue exists in versions up to and including 1.6.6, potentially exposing sites to various administrative controls and data manipulation risks.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.8,CRITICAL,0.005200000014156103,false,,false,false,false,,false,false,2023-06-07T01:51:43.279Z,0
CVE-2021-4357,https://securityvulnerability.io/vulnerability/CVE-2021-4357,Authorization Bypass in uListing Plugin for WordPress,"The uListing plugin for WordPress has a critical vulnerability that allows unauthorized users to bypass authentication due to insufficient capability checks and the absence of a security nonce. This could enable unauthenticated attackers to delete posts and pages from the site, leading to potential data loss and website malfunction. Versions up to and including 1.6.6 are affected, underscoring the importance of keeping plugins updated to mitigate such risks.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.1,CRITICAL,0.0016700000269338489,false,,false,false,false,,false,false,2023-06-07T01:51:26.007Z,0
CVE-2021-4345,https://securityvulnerability.io/vulnerability/CVE-2021-4345,Authorization Bypass in uListing Plugin for WordPress,"The uListing plugin for WordPress has a vulnerability that allows unauthorized users to manipulate user roles and capabilities. Due to missing capability and nonce checks in the UlistingUserRole::save_role_api method, attackers can exploit this flaw to add or remove roles from users without needing authentication. This presents a significant risk to WordPress sites using affected versions up to and including 1.6.6, as it undermines user access controls and could lead to further exploitation.",Wordpress,Directory Listings WordPress Plugin – Ulisting,6.5,MEDIUM,0.0014299999456852674,false,,false,false,false,,false,false,2023-06-07T01:51:17.924Z,0
CVE-2021-4346,https://securityvulnerability.io/vulnerability/CVE-2021-4346,Unauthenticated Arbitrary Account Changes in uListing Plugin for WordPress,"The uListing plugin for WordPress is susceptible to unauthenticated arbitrary account changes in versions up to and including 1.6.6. This vulnerability arises from inadequate login verification on the stm_listing_profile_edit AJAX action, enabling unauthenticated attackers to modify any user account on the site. This includes the ability to change critical account details such as the admin email address, potentially leading to unauthorized access and control over the affected WordPress site.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.8,CRITICAL,0.0014400000218302011,false,,false,false,false,,false,false,2023-06-07T01:51:16.698Z,0
CVE-2021-4343,https://securityvulnerability.io/vulnerability/CVE-2021-4343,Unauthenticated Account Creation Vulnerability in Unauthenticated Account Creation Plugin for WordPress,"The Unauthenticated Account Creation Plugin for WordPress allows unauthorized users to create accounts, including those with administrator privileges. This vulnerability arises from the exposed stm_listing_register AJAX action, which does not properly restrict role assignment. Attackers can exploit this flaw to gain unjustified access, leading to potential account hijacking and unauthorized actions within the WordPress environment.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.8,CRITICAL,0.005200000014156103,false,,false,false,false,,false,false,2023-06-07T01:51:14.601Z,0
CVE-2021-4341,https://securityvulnerability.io/vulnerability/CVE-2021-4341,Authorization Bypass in uListing Plugin for WordPress,"The uListing plugin for WordPress has a vulnerability that allows for an authorization bypass via AJAX. This is caused by inadequate capability checks, lack of input validation, and absence of a security nonce in the stm_update_email_data AJAX action. As a result, unauthenticated attackers can alter any WordPress option stored in the database, posing a significant security threat to WordPress installations using this plugin.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.8,CRITICAL,0.003530000103637576,false,,false,false,false,,false,false,2023-06-07T01:51:13.114Z,0
CVE-2021-4340,https://securityvulnerability.io/vulnerability/CVE-2021-4340,SQL Injection Vulnerability in uListing Plugin for WordPress by uListing,"The uListing plugin for WordPress contains a vulnerability that allows unauthenticated users to exploit SQL injection flaws via the 'listing_id' parameter. Due to inadequate escaping of user-supplied input and poor preparation of SQL queries, attackers can inject malicious SQL statements, potentially leading to unauthorized access to sensitive data stored in the database. This highlights the importance of implementing secure coding practices to mitigate risks associated with SQL injection attacks.",Wordpress,Directory Listings WordPress Plugin – Ulisting,9.8,CRITICAL,0.0023499999660998583,false,,false,false,false,,false,false,2023-06-07T01:51:12.264Z,0
CVE-2021-4339,https://securityvulnerability.io/vulnerability/CVE-2021-4339,Authorization Bypass in uListing Plugin for WordPress,"The uListing plugin for WordPress has a significant vulnerability that allows unauthorized users to bypass authorization checks. This flaw resides in the 'ulisting/includes/route.php' file specifically affecting the /1/api/ulisting-user/search REST-API route in all versions up to and including 1.6.6. As a result, malicious actors can exploit this vulnerability to access sensitive information, including a comprehensive list of users and their email addresses stored in the database, thereby compromising data privacy and security.",Wordpress,Directory Listings WordPress Plugin – Ulisting,7.5,HIGH,0.0014299999456852674,false,,false,false,false,,false,false,2023-06-07T01:51:11.827Z,0