Medium severity4.8NVD Advisory· Published Nov 1, 2021· Updated Jun 17, 2026
CVE-2021-24794
CVE-2021-24794
Description
The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Connections Business Directorydescription
- Range: <10.4.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.