SQL Injection Vulnerability in uListing Plugin for WordPress by uListing
CVE-2021-4340
9.8CRITICAL
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 7 June 2023
Summary
The uListing plugin for WordPress contains a vulnerability that allows unauthenticated users to exploit SQL injection flaws via the 'listing_id' parameter. Due to inadequate escaping of user-supplied input and poor preparation of SQL queries, attackers can inject malicious SQL statements, potentially leading to unauthorized access to sensitive data stored in the database. This highlights the importance of implementing secure coding practices to mitigate risks associated with SQL injection attacks.
Affected Version(s)
Directory Listings WordPress plugin – uListing * < 1.7
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jerome Bruandet