CVE-2021-4343
published 2023-06-07CVE-2021-4343: The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.40%
69.1th percentile
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| istio.io | istio | >= 0 < 1.9.8 | 1.9.8 |
| istio.io | istio | >= 1.10.0 < 1.10.4 | 1.10.4 |
| istio.io | istio | >= 1.11.0 < 1.11.1 | 1.11.1 |
| stylemix | directory_listings_wordpress_plugin_ulisting | < 1.7 | 1.7 |
| stylemixthemes | ulisting | <= 1.6.6 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h5x9-8r4g-vvqc: The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1
ghsa_unreviewed·2023-06-07
CVE-2021-4343 [CRITICAL] CWE-862 GHSA-h5x9-8r4g-vvqc: The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges.
GHSA
Authorization Policy Bypass Due to Case Insensitive Host Comparison
ghsa·2021-08-30
CVE-2021-39155 [HIGH] CWE-178 Authorization Policy Bypass Due to Case Insensitive Host Comparison
Authorization Policy Bypass Due to Case Insensitive Host Comparison
### Impact
According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The Envoy proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed.
As an example, the user may have an authorization policy that rejects request with hostname "httpbin.foo" for some source IPs, but the attacker can bypass this by sending the request with hostname "Httpbin.Foo".
### Patches
* Istio 1.11.1 and above
* Istio 1.10.4 and above
* Istio 1.9.8 and above
### Workarounds
A Lua filter may be written to normalize Host h
Red Hat
istio/istio: HTTP request can bypass authorization mechanisms due to case insensitive host comparison
vendor_redhat·2021-08-24·CVSS 8.3
CVE-2021-39155 [HIGH] CWE-863 istio/istio: HTTP request can bypass authorization mechanisms due to case insensitive host comparison
istio/istio: HTTP request can bypass authorization mechanisms due to case insensitive host comparison
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The proxy will route the request hostname in a case-insensitive way which means the authorization policy could be bypassed. As an example, the user may have an authorization policy that rejects request with hostname "httpbin.foo" for some source IPs, but the attacker can bypass this by sendin
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=cvehttps://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities/https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=cve
2023-06-07
Published