cleantalk
Vulnerabilities and Security Researches

Directory Listings WordPress plugin – uListing, CVE-2021-4345

CVE, Research URL

CVE-2021-4345

Home page URL

Security reports for Directory Listings WordPress plugin – uListing

Application

Directory Listings WordPress plugin – uListing

Published on
Jun 07, 2023
Research Description
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities.
Affected versions
Min -, max 1.7.
Status
vulnerable
Previous vulnerability researches
Directory Listings WordPress plugin – uListing (CVE-2021-36875) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36877) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36880) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36874) , Jun 07, 2024
Directory Listings WordPress plugin – uListing (CVE-2021-36876) , Jun 07, 2024
New vulnerability
Export All Posts, Products, Orders, Refunds & Users (CVE-2025-2332) , Mar 28, 2025
Doneren met Mollie (CVE-2025-30779) , Mar 28, 2025
Cart tracking for WooCommerce (CVE-2025-30791) , Mar 28, 2025
Church Admin (CVE-2025-26941) , Mar 28, 2025
Audio Album (CVE-2025-30780) , Mar 28, 2025