Authorization Bypass in uListing Plugin for WordPress
CVE-2021-4345

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Directory Listings WordPress Plugin – Ulisting
Vendor: CVE Published:; 7 June 2023

Summary

The uListing plugin for WordPress has a vulnerability that allows unauthorized users to manipulate user roles and capabilities. Due to missing capability and nonce checks in the UlistingUserRole::save_role_api method, attackers can exploit this flaw to add or remove roles from users without needing authentication. This presents a significant risk to WordPress sites using affected versions up to and including 1.6.6, as it undermines user access controls and could lead to further exploitation.

Affected Version(s)

Directory Listings WordPress plugin – uListing * < 1.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-ulisting-plugin-fix...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet