PT-2021-21393 · WordPress · Ulisting

Re-Alter

Published

2021-09-27

Updated

2021-10-01

CVE-2021-36880

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WordPress uListing plugin versions <= 2.0.3

Description The issue is related to an Unauthenticated SQL Injection (SQLi) vulnerability. The custom parameter is vulnerable.

Recommendations For WordPress uListing plugin versions <= 2.0.3, update to a version higher than 2.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter custom to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-36880

Affected Products

Ulisting

PT-2021-21393 · WordPress · Ulisting

CVE-2021-36880

Weakness Enumeration

Related Identifiers

Affected Products

References · 4