CVE-2021-4341: Input Validation
First published: Wed Jun 07 2023(Updated: )
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| StylemixThemes uListing | <=1.6.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the uListing plugin for WordPress?
The vulnerability ID for the uListing plugin for WordPress is CVE-2021-4341.
What is the severity rating of CVE-2021-4341?
CVE-2021-4341 has a severity rating of 9.8 (Critical).
What is the affected software for CVE-2021-4341?
The affected software for CVE-2021-4341 is the uListing plugin for WordPress up to and including version 1.6.6.
What is the description of CVE-2021-4341?
CVE-2021-4341 is an authorization bypass vulnerability in the uListing plugin for WordPress due to missing capability checks, input validation, and security nonce.
How can I fix CVE-2021-4341 vulnerability?
To fix the CVE-2021-4341 vulnerability, make sure to update the uListing plugin for WordPress to a version higher than 1.6.6 and apply any available patches or security fixes.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/stylemixthemes
- canonical/stylemixthemes ulisting
- version/stylemixthemes ulisting/1.6.6