SQL Injection Vulnerability in uListing Plugin for WordPress by uListing
CVE-2021-4340

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Directory Listings WordPress Plugin – Ulisting
Vendor: CVE Published:; 7 June 2023

What is CVE-2021-4340?

The uListing plugin for WordPress contains a vulnerability that allows unauthenticated users to exploit SQL injection flaws via the 'listing_id' parameter. Due to inadequate escaping of user-supplied input and poor preparation of SQL queries, attackers can inject malicious SQL statements, potentially leading to unauthorized access to sensitive data stored in the database. This highlights the importance of implementing secure coding practices to mitigate risks associated with SQL injection attacks.

Affected Version(s)

Directory Listings WordPress plugin – uListing * < 1.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-ulisting-plugin-fix...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet

Wordpress

What is CVE-2021-4340?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit