Vulnerabilities > Connections PRO

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-29437 Cross-site Scripting vulnerability in Connections-Pro Connections Business Directory
Auth.
network
low complexity
connections-pro CWE-79
5.4
2021-11-01 CVE-2020-36503 Improper Neutralization of Formula Elements in a CSV File vulnerability in Connections-Pro Connections Business Directory
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
network
low complexity
connections-pro CWE-1236
8.0
2021-11-01 CVE-2021-24794 Cross-site Scripting vulnerability in Connections-Pro Connections Business Directory
The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
network
low complexity
connections-pro CWE-79
4.8