PT-2023-12481 · WordPress · Ulisting

Jerome Bruandet · Published 2023-06-07 · Updated 2023-06-13 · CVE-2021-4370

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress, versions prior to 1.6.7

Description: Most of the plugin's actions and endpoints lack authorization checks. They are reachable by unauthenticated users, carry no security nonces (so they are also exposed to cross-site request forgery), and seldom validate the data they receive. An unauthenticated attacker can therefore perform a range of administrative actions.

Recommendations: Update to version 1.6.7 or later; all versions up to and including 1.6.6 are affected. If the update cannot be applied immediately, restrict access to the plugin's administrative endpoints (for example at the web server or firewall) as a temporary measure, and do not rely on the plugin for sensitive administrative tasks until it has been updated.
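The pattern the description refers to, as an added example that is not uListing's code: a WordPress admin-ajax handler exposed to anonymous callers with no nonce, no capability check and no input validation, beside a hardened version of the same handler and the equivalent REST route. The plugin prefix "myplugin", the action "myplugin_delete_listing", the post type "listing", the script handle "myplugin-front" and the REST namespace are hypothetical names chosen for the illustration; the WordPress functions used are the real core APIs.

```php
<?php
// Added example (not uListing's code). Hypothetical names: myplugin_*, post type
// "listing", script handle "myplugin-front". Core WordPress APIs are used as-is.

// --- Vulnerable pattern -------------------------------------------------------
// Registering the nopriv hook makes the handler run for anyone who can reach
// /wp-admin/admin-ajax.php, logged in or not.
add_action( 'wp_ajax_myplugin_delete_listing',        'myplugin_delete_listing_vulnerable' );
add_action( 'wp_ajax_nopriv_myplugin_delete_listing', 'myplugin_delete_listing_vulnerable' );

function myplugin_delete_listing_vulnerable() {
	// No nonce, no capability check, raw $_POST: an unauthenticated
	// POST action=myplugin_delete_listing&listing_id=<n> deletes any post.
	wp_delete_post( $_POST['listing_id'], true );
	wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------------
// Only the authenticated hook is registered; the nopriv variant is deliberately absent.
add_action( 'wp_ajax_myplugin_delete_listing', 'myplugin_delete_listing_secure' );

function myplugin_delete_listing_secure() {
	// 1. CSRF: require a nonce minted for this specific action. With the third
	//    argument false, check_ajax_referer() returns false instead of dying.
	//    wp_send_json_error() exits, so no explicit return is needed after it.
	if ( ! check_ajax_referer( 'myplugin_delete_listing', '_ajax_nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
	}

	// 2. Authorization: a nonce proves intent, not privilege. Check a capability.
	if ( ! current_user_can( 'delete_posts' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient privileges.' ), 403 );
	}

	// 3. Input validation: coerce to a positive integer and confirm the target
	//    exists and is of the post type this handler is meant to manage.
	$listing_id = isset( $_POST['listing_id'] ) ? absint( wp_unslash( $_POST['listing_id'] ) ) : 0;
	$listing    = $listing_id ? get_post( $listing_id ) : null;
	if ( ! $listing || 'listing' !== $listing->post_type ) {
		wp_send_json_error( array( 'message' => 'Unknown listing.' ), 400 );
	}

	// 4. Object-level authorization: the caller must be allowed to delete *this*
	//    post (meta capability, honours ownership), not just posts in general.
	if ( ! current_user_can( 'delete_post', $listing_id ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed to delete this listing.' ), 403 );
	}

	wp_delete_post( $listing_id, true );
	wp_send_json_success( array( 'deleted' => $listing_id ) );
}

// The nonce is minted server-side and handed to the front-end script that calls
// the endpoint (assumes a script registered under the handle "myplugin-front").
add_action( 'wp_enqueue_scripts', function () {
	wp_localize_script( 'myplugin-front', 'myplugin_ajax', array(
		'url'   => admin_url( 'admin-ajax.php' ),
		'nonce' => wp_create_nonce( 'myplugin_delete_listing' ),
	) );
} );

// --- Same checks on a REST endpoint -------------------------------------------
// For the REST API the authorization decision lives in permission_callback;
// a state-changing route must never use '__return_true' there.
add_action( 'rest_api_init', function () {
	register_rest_route( 'myplugin/v1', '/listings/(?P<id>\d+)', array(
		'methods'             => 'DELETE',
		'permission_callback' => function ( WP_REST_Request $request ) {
			return current_user_can( 'delete_post', (int) $request['id'] );
		},
		'args'                => array(
			'id' => array( 'validate_callback' => 'is_numeric', 'sanitize_callback' => 'absint' ),
		),
		'callback'            => function ( WP_REST_Request $request ) {
			$listing = get_post( (int) $request['id'] );
			if ( ! $listing || 'listing' !== $listing->post_type ) {
				return new WP_Error( 'not_found', 'Unknown listing.', array( 'status' => 404 ) );
			}
			wp_delete_post( $listing->ID, true );
			return rest_ensure_response( array( 'deleted' => $listing->ID ) );
		},
	) );
} );
```

When auditing a plugin for this weakness, grep for every `wp_ajax_nopriv_` registration and every `register_rest_route()` call and ask, for each state-changing handler, which of the four checks above is present: the nonce alone is not authorization, and a capability check alone does not stop a cross-site request forgery against a logged-in administrator. Note that the REST nonce is sent in the `X-WP-Nonce` header and checked by core, so the route itself needs only the permission callback.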

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2021-4370

Affected Products: Ulisting