CVE-2021-36876: WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
First published: Mon Sep 27 2021(Updated: )
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Stylemixthemes Ulisting | <=2.0.5 |
Remedy
Update to 2.0.6 or higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the CSRF vulnerabilities in WordPress uListing plugin?
The vulnerability ID for the CSRF vulnerabilities in WordPress uListing plugin is CVE-2021-36876.
What is the severity of CVE-2021-36876?
The severity of CVE-2021-36876 is high, with a severity value of 8.8.
Which versions of the uListing plugin are affected by CVE-2021-36876?
Versions up to and including 2.0.5 of the uListing plugin are affected by CVE-2021-36876.
What is the CWE ID for CVE-2021-36876?
The CWE ID for CVE-2021-36876 is CWE-352.
Are there any references for CVE-2021-36876?
Yes, you can find references for CVE-2021-36876 at the following links: [Patchstack](https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-multiple-cross-site-request-forgery-csrf-vulnerabilities) and [WordPress.org](https://wordpress.org/plugins/ulisting/#developers).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/stylemixthemes
- canonical/stylemixthemes ulisting
- version/stylemixthemes ulisting/2.0.5