A vulnerability, which was classified as critical, was found in uListing Plugin up to 1.6.6 on WordPress (WordPress Plugin). Affected is the function stm_listing_profile_edit of the component AJAX Action Handler. The manipulation with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-862. The product does not perform an authorization check when an actor attempts to access a resource or perform an action. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account's email address.

The weakness was disclosed 06/07/2023. The advisory is shared for download at wordfence.com. This vulnerability is traded as CVE-2021-4346 since 06/06/2023. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/05/2023).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-250892, VDB-250894, VDB-250904 and VDB-252322 are pretty similar.

Productinfo

Type

• WordPress Plugin

Name

• uListing Plugin

Version

• 1.6.0
• 1.6.1
• 1.6.2
• 1.6.3
• 1.6.4
• 1.6.5
• 1.6.6

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion