← volver
CVE-2021-24249

Business Directory Plugin < 5.11.2 - Arbitrary Listing Export

EPSS 0.7%CWE-352
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 may 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
Productos afectados
Business Directory Team · Business Directory Plugin – Easy Listing Directories for WordPress

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/fc4cf749-34ef-43b8-a529-5065d698ab81