CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13753

The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.2%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2024-13753

Webcodingplace » Ultimate Classified Listings » Version: N/A

cpe:2.3:a:webcodingplace:ultimate_classified_listings:-
Webcodingplace » Ultimate Classified Listings » Version: 1.0.0

cpe:2.3:a:webcodingplace:ultimate_classified_listings:1.0.0
Webcodingplace » Ultimate Classified Listings » Version: 1.1

cpe:2.3:a:webcodingplace:ultimate_classified_listings:1.1
Webcodingplace » Ultimate Classified Listings » Version: 1.2

cpe:2.3:a:webcodingplace:ultimate_classified_listings:1.2
Webcodingplace » Ultimate Classified Listings » Version: 1.3

cpe:2.3:a:webcodingplace:ultimate_classified_listings:1.3
Webcodingplace » Ultimate Classified Listings » Version: 1.4

cpe:2.3:a:webcodingplace:ultimate_classified_listings:1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13753

Products

Pricing

Contact Us