Vulnerabilities > Strategy11 > Business Directory Plugin Easy Listing Directories > 5.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-24178 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. | 8.8 |
| 2021-05-06 | CVE-2021-24179 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. | 8.8 |
| 2021-05-06 | CVE-2021-24248 | Unrestricted Upload of File with Dangerous Type vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE | 7.2 |
| 2021-05-06 | CVE-2021-24249 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc | 6.5 |
| 2021-05-06 | CVE-2021-24250 | Cross-site Scripting vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. | 5.4 |
| 2021-05-06 | CVE-2021-24251 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example) | 4.3 |