VYPR

Business Directory Plugin

by WordPress

Source repositories

CVEs (10)

  • CVE-2021-24178HigMay 6, 2021
    risk 0.57cvss 8.8epss 0.01

    The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored…

  • CVE-2021-24248HigMay 6, 2021
    risk 0.47cvss 7.2epss 0.02

    The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example,…

  • CVE-2021-24249MedMay 6, 2021
    risk 0.42cvss 6.5epss 0.01

    The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get…

  • CVE-2021-24250MedMay 6, 2021
    risk 0.35cvss 5.4epss 0.01

    The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.

  • CVE-2025-64630MedDec 16, 2025
    risk 0.32cvss 4.9epss 0.00

    Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.

  • CVE-2025-67596MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.

  • CVE-2025-64219MedOct 29, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.

  • CVE-2023-5803MedNov 30, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a…

  • CVE-2021-24251MedMay 6, 2021
    risk 0.28cvss 4.3epss 0.00

    The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from…

  • CVE-2024-13887MedMar 13, 2025
    risk 0.27cvss 5.3epss 0.00

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user…