CVE-2021-36879

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to escalate privileges in WordPress sites using the uListing plugin (versions 2.0.5 and earlier). Attackers can gain administrative access without credentials if user registration is enabled. All WordPress sites with the vulnerable uListing plugin installed are affected.

💻 Affected Systems

Products:
  • WordPress uListing plugin
Versions: <= 2.0.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable only when the WordPress site allows user registration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site takeover with administrative access, allowing data theft, malware injection, defacement, and further network compromise.

🟠 Likely Case: Unauthorized administrative access leading to content manipulation, plugin/theme installation, and user account compromise.

🟢 If Mitigated: Limited impact if user registration is disabled or proper access controls prevent exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.6

Vendor Advisory: https://wordpress.org/plugins/ulisting/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the uListing plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.0.6 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable user registration (scope: all)
  Prevents exploitation by disabling the user registration feature that the vulnerability requires.

Temporary plugin deactivation (scope: all)
  Disable the uListing plugin until patched to eliminate the attack surface.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block privilege escalation attempts
  • Restrict access to WordPress admin interface using IP whitelisting

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for uListing version <= 2.0.5.

Check Version:

wp plugin list --name=ulisting --field=version (requires WP-CLI)

Verify Fix Applied:

Confirm uListing plugin version is 2.0.6 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user role changes in WordPress logs
  • Multiple failed registration attempts from single IP
  • Administrative actions from newly created users

Network Indicators:

  • POST requests to user registration endpoints with privilege escalation parameters
  • Unusual traffic to /wp-admin/ from unauthenticated sources

SIEM Query:

source="wordpress.log" AND ("user_role_changed" OR "new_user_admin")
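The "administrative actions from newly created users" and "unusual user role changes" indicators above can be correlated in one pass over an audit log. The following is an added example, not part of this advisory or of any WordPress tooling; it assumes a simplified, constructed log format (timestamp, event name, user=..., optional new_role=...) that a real audit plugin would not match exactly.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the assumed format (not real WordPress output).
SAMPLE_LOG = """\
2021-07-20T10:00:01Z user_registered user=alice
2021-07-20T10:00:05Z user_role_changed user=alice new_role=subscriber
2021-07-20T10:02:30Z user_registered user=mallory
2021-07-20T10:02:41Z user_role_changed user=mallory new_role=administrator
2021-07-20T11:30:00Z user_role_changed user=bob new_role=administrator
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>\w+)\s+user=(?P<user>\S+)"
    r"(?:\s+new_role=(?P<role>\S+))?$"
)


def parse_line(line):
    """Parse one log line of the assumed format; return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_suspicious_promotions(log_text, window=timedelta(hours=1)):
    """Return (user, seconds_since_registration) for every promotion to
    administrator that happened within `window` of that user's registration.
    A promotion for which the log holds no registration event is still
    reported (delay None): it is the weaker 'unusual role change' signal."""
    registered = {}
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["event"] == "user_registered":
            registered[rec["user"]] = rec["ts"]
        elif rec["event"] == "user_role_changed" and rec["role"] == "administrator":
            reg_ts = registered.get(rec["user"])
            if reg_ts is None:
                hits.append((rec["user"], None))
            elif rec["ts"] - reg_ts <= window:
                hits.append((rec["user"], int((rec["ts"] - reg_ts).total_seconds())))
    return hits


if __name__ == "__main__":
    for user, delay in find_suspicious_promotions(SAMPLE_LOG):
        print(f"ALERT: {user} promoted to administrator ({'no registration seen' if delay is None else f'{delay}s after registration'})")
```

Tune `window` to how quickly legitimate administrators are normally promoted on the site; a registration-to-administrator gap of seconds, as in the sample, is the pattern worth paging on.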
