High severity7.5NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026
CVE-2021-4339
CVE-2021-4339
Description
The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.