CVE-2021-24251 – Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update
https://notcve.org/view.php?id=CVE-2021-24251
12 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged-in administrator update arbitrary payment history, such as changing its status (from pending to completed, for example). • https://wpscan.com/vulnerability/c9911236-4af3-4557-9bc0-217face534e1 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24250 – Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24250
12 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. • https://wpscan.com/vulnerability/e23bf712-d891-4df7-99cc-9ef64f19f685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24179 – Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
https://notcve.org/view.php?id=CVE-2021-24179
11 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged-in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. • https://wpscan.com/vulnerability/c0a5cdde-732a-432a-86c2-776df5d130a7 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24178 – Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
https://notcve.org/view.php?id=CVE-2021-24178
11 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged-in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. • https://wpscan.com/vulnerability/700f3b04-8298-447c-8d3c-4581880a63b5 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24248 – Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE
https://notcve.org/view.php?id=CVE-2021-24248
11 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check imported files, forbidding certain extensions via a blacklist approach, which allowed an administrator to import an archive with a .php4 file inside, for example, leading to RCE. • https://wpscan.com/vulnerability/ca886a34-cd2b-4032-9de1-8089b5cf3001 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-24884 – Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24884
28 Jan 2021 — The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like
CVE-2019-15780 – Formidable Form Builder <= 4.02 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2019-15780
09 Aug 2019 — The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. • https://pentest.co.uk/labs/advisory/cve-2019-15780 • CWE-502: Deserialization of Untrusted Data