VYPR

Connections Business Directory

by Steven A. Zahm

CVEs (2)

  • CVE-2024-12885MedJan 25, 2025
    risk 0.42cvss 6.5epss 0.01

    The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated…

  • CVE-2023-29437MedJun 26, 2023
    risk 0.42cvss 6.5epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.