RSS   Podatności dla 'Connections business directory'   RSS

2021-11-01
 
CVE-2020-36503

CWE-1236
 
 
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue

 
 
CVE-2021-24794

CWE-79
 
 
The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.

 

Copyright 2024, cxsecurity.com

 

Back to Top