CVE-2021-24249
First published: Thu May 06 2021(Updated: )
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Strategy11 Business Directory Plugin - Easy Listing Directories | <5.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Business Directory Plugin for WordPress plugin before version 5.11.2?
The vulnerability ID is CVE-2021-24249.
How severe is CVE-2021-24249 for the Business Directory Plugin for WordPress plugin?
The severity of CVE-2021-24249 is medium with a CVSS score of 6.5.
What is the impact of CVE-2021-24249 for the Business Directory Plugin for WordPress plugin?
The vulnerability allows an attacker to perform Cross-Site Request Forgery, potentially accessing Personally Identifiable Information (PII) through file exports.
Can an attacker download files containing PII by exploiting CVE-2021-24249 in the Business Directory Plugin for WordPress plugin?
Yes, an attacker could download files with PII by exploiting this vulnerability.
Is there a reference link for more information on CVE-2021-24249 in the Business Directory Plugin for WordPress plugin?
For more information, you can refer to the following link: https://wpscan.com/vulnerability/fc4cf749-34ef-43b8-a529-5065d698ab81.
- collector/nvd-index
- vendor/strategy11
- product/business directory plugin - easy listing directories
- canonical/strategy11 business directory plugin - easy listing directories