Vulnerability Details CVE-2021-24179
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2021-24179
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:-
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.0
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.10
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.10.1
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.6.2
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.7.2
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.7.3
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.7.4
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.7.5
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.7.6
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.8
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.8.1
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.8.2
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.8.3
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.9
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.9.1
-
cpe:2.3:a:strategy11:business_directory_plugin_-_easy_listing_directories:5.9.2