Vulnerabilities for Business directory plugin - easy listing directories (...) - CXSECURITY.COM

Vulnerabilities for
'Business directory plugin - easy listing directories'

2021-05-06

CVE-2021-24250

CWE-79

The Business Directory Plugin ??�??�?? Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.

CVE-2021-24178

CWE-352

The Business Directory Plugin ??�??�?? Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.

CVE-2021-24249

CWE-352

The Business Directory Plugin ??�??�?? Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc

CVE-2021-24179

CWE-352

The Business Directory Plugin ??�??�?? Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.

>>> Vendor: Strategy11 3 Products

Easy listing directories

Business directory plugin - easy listing directories

Formidable form builder

Copyright 2024, cxsecurity.com