CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24249 – Business Directory Plugin < 5.11.2 - Arbitrary Listing Export
https://notcve.org/view.php?id=CVE-2021-24249
12 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc El plugin Business Directory Plugin Easy Listing Directories para WordPress versiones anteriores a 5.11.2, sufría un problema de tipo Cross-Site Request Forgery, permitiendo a un atacante ... • https://wpscan.com/vulnerability/fc4cf749-34ef-43b8-a529-5065d698ab81 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24251 – Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update
https://notcve.org/view.php?id=CVE-2021-24251
12 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example) El plugin Business Directory: Easy Listing Directories para WordPress versiones anteriores a 5.11.2, sufría un problema de tipo Cross-Site Request Forgery, permitiendo a un atacante hacer que un administr... • https://wpscan.com/vulnerability/c9911236-4af3-4557-9bc0-217face534e1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24250 – Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24250
12 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. El plugin Business Directory Plugin Easy Listing Directories para WordPress versiones anteriores a 5.11.2, sufrió de falta de saneamiento en la etiqueta de los Campos de Formulario, conllevando a problemas de tipo Cross-Site Scripting Almacenado ... • https://wpscan.com/vulnerability/e23bf712-d891-4df7-99cc-9ef64f19f685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24179 – Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
https://notcve.org/view.php?id=CVE-2021-24179
11 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. El plugin Business Directory Plugin Easy Listing Directories para WordPress versiones anteriores a 5.11, sufría un problema de tipo Cross-Site Request Forgery, permitiendo a un atacante hacer que un administrador inicia... • https://wpscan.com/vulnerability/c0a5cdde-732a-432a-86c2-776df5d130a7 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24178 – Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
https://notcve.org/view.php?id=CVE-2021-24178
11 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. El plugin Business Directory Plugin Easy Listing Directories para WordPress versiones anteriores a 5.11.1, sufría problemas de tipo Cross-Site Request Forgery, permitiendo a un atacante hacer que un administrador... • https://wpscan.com/vulnerability/700f3b04-8298-447c-8d3c-4581880a63b5 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24248 – Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE
https://notcve.org/view.php?id=CVE-2021-24248
11 Apr 2021 — The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE El plugin Business Directory - Easy Listing Directories para WordPress versiones anteriores a 5.11.1, no comprobaba apropiadamente los archivos importados, lo que prohibía determinadas extensiones por medio de un enfoque... • https://wpscan.com/vulnerability/ca886a34-cd2b-4032-9de1-8089b5cf3001 • CWE-434: Unrestricted Upload of File with Dangerous Type •