WordPress uListing plugin <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion vulnerability

Back

Product: uListing
Description: Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion vulnerability found by Jerome Bruandet in WordPress uListing plugin (versions <= 1.6.6).
Solution: Update the WordPress uListing plugin to the latest available version (at least 1.7).
Classification: Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
References: Vulnerability details
Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 1.6.6
Fixed In 1.7
Disclosure date: 2021-01-28
Credits: Jerome Bruandet (NinTechNet)

ThreatPress