PT-2023-12492 · WordPress · Ulisting

Jerome Bruandet

Publicado

2023-06-07

Atualizado

2023-06-14

CVE-2021-4381

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions uListing plugin for WordPress versions up to, and including, 1.6.6

Description The issue allows unauthorized access due to missing capability checks and a missing security nonce in the StmListingSingleLayout::import new layout method. This enables unauthenticated attackers to modify any WordPress option in the database.

Recommendations For versions up to, and including, 1.6.6, update to a version that includes the necessary capability checks and security nonce to prevent unauthorized access.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2021-4381

Produtos afetados

Ulisting

PT-2023-12492 · WordPress · Ulisting

CVE-2021-4381

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5