CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-25060

The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/9e1ac711-1f65-49fa-b007-66170a77b265
https://wpscan.com/vulnerability/9e1ac711-1f65-49fa-b007-66170a77b265

Products affected by CVE-2021-25060

Fivestarplugins » Five Star Business Profile And Schema » Version: Any

cpe:2.3:a:fivestarplugins:five_star_business_profile_and_schema:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-25060

Products

Pricing

Contact Us