Security Advisory

CVE-2021-4341

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-07 01:51:13

Last updated 2026-04-08 16:37:34

Assigner Wordfence

State PUBLISHED

Description

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.

← Browse all CVEs View on cve.org ↗