CVE-2021-24179

State: PUBLISHED · Published: 2021-05-05 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Business Directory Team / Business Directory Plugin – Easy Listing Directories for WordPress — v=5.11 <5.11 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/c0a5cdde-732a-432a-86c2-776df5d130a7 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24179.json