CVE-2021-24251

State: PUBLISHED · Published: 2021-05-05 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example)

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Business Directory Team / Business Directory Plugin – Easy Listing Directories for WordPress — v=5.11.2 <5.11.2 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/c9911236-4af3-4557-9bc0-217face534e1 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24251.json