Listdom
Monthly
Blind SQL injection in Webilia's Listdom WordPress plugin (versions up to and including 5.4.0) allows remote unauthenticated attackers to inject SQL fragments into back-end queries and extract data inferentially. The flaw carries a 9.3 CVSS score with a scope change (S:C), indicating the injection can affect resources beyond the vulnerable component. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthenticated privilege escalation in the Listdom WordPress plugin versions 5.5.0 and earlier allows remote attackers to elevate privileges without any authentication or user interaction. The flaw is tracked under CWE-266 (Incorrect Privilege Assignment) and was reported by Patchstack; no public exploit identified at time of analysis. Affected sites running this Webilia-developed directory listing plugin face risk of unauthorized account or capability elevation through exposed plugin endpoints.
Blind SQL injection in Webilia's Listdom WordPress plugin (versions up to and including 5.4.0) allows remote unauthenticated attackers to inject SQL fragments into back-end queries and extract data inferentially. The flaw carries a 9.3 CVSS score with a scope change (S:C), indicating the injection can affect resources beyond the vulnerable component. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthenticated privilege escalation in the Listdom WordPress plugin versions 5.5.0 and earlier allows remote attackers to elevate privileges without any authentication or user interaction. The flaw is tracked under CWE-266 (Incorrect Privilege Assignment) and was reported by Patchstack; no public exploit identified at time of analysis. Affected sites running this Webilia-developed directory listing plugin face risk of unauthorized account or capability elevation through exposed plugin endpoints.