ThreatPress

WordPress Vulnerability Database

Back

WordPress uListing plugin <= 1.6.6 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Product
uListing
Description
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities found by Jerome Bruandet in WordPress uListing plugin (versions <= 1.6.6).
Solution
Update the WordPress uListing plugin to the latest available version (at least 1.7).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.6.6
Fixed In 1.7
Disclosure date
2021-01-28
Credits
Jerome Bruandet (NinTechNet)