Vulnerabilities > Strategy11 > Business Directory Plugin Easy Listing Directories > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-06	CVE-2021-24249	Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc network low complexity strategy11 CWE-352	6.5
2021-05-06	CVE-2021-24250	Cross-site Scripting vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. network low complexity strategy11 CWE-79	5.4
2021-05-06	CVE-2021-24251	Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Business Directory Plugin - Easy Listing Directories The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example) network low complexity strategy11 CWE-352	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.