CVE-2021-4370
published 2023-06-07

Priority P262 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.40% (69.1th percentile)
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_exchange_server_2013_cumulative_update_23 | | |
| msrc | microsoft_exchange_server_2016_cumulative_update_18 | | |
| msrc | microsoft_exchange_server_2016_cumulative_update_19 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_7 | | |
| msrc | microsoft_exchange_server_2019_cumulative_update_8 | | |
| stylemix | directory_listings_wordpress_plugin_ulisting | < 1.7 | 1.7 |
| stylemixthemes | ulisting | <= 1.6.6 | |

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc | 9.1 | CRITICAL