Security Advisory

CVE-2021-4381

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-07 01:51:54

Last updated 2026-04-08 17:35:19

Assigner Wordfence

State PUBLISHED

Description

The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.

← Browse all CVEs View on cve.org ↗