Back
WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Account Creation/Change vulnerability
- Product
- uListing
- Description
- Unauthenticated Arbitrary Account Creation/Change vulnerability found by Jerome Bruandet in WordPress uListing plugin (versions <= 1.6.6).
- Solution
- Update the WordPress uListing plugin to the latest available version (at least 1.7).
- Classification
-
Type Multiple Vulnerabilities
OWASP Top 10 A7: Missing Function Level Access Control
- References
-
Plugin changelog
Vulnerability details
- CVE
- Name CVE-N/A
- Versions
-
Affected In
<= 1.6.6
Fixed In 1.7
- Disclosure date
- 2021-01-28
- Credits
- Jerome Bruandet (NinTechNet)