Vulnerabilities > Strategy11 > Business Directory Plugin Easy Listing Directories > High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-06	CVE-2021-24178	Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. network low complexity strategy11 CWE-352	8.8
2021-05-06	CVE-2021-24179	Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. network low complexity strategy11 CWE-352	8.8
2021-05-06	CVE-2021-24248	Unrestricted Upload of File with Dangerous Type vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE network low complexity strategy11 CWE-434	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.