CVE-2021-24178

CVE-2021-24178: Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS

Vendor Business Directory Team

Product Business Directory Plugin – Easy Listing Directories for WordPress

Weakness CWE-352 · CSRF

Published May 5, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.

Key dates

02Disclosure timeline

May 5, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24178 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-8795 BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover CVE-2026-8911 WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter CVE-2024-28195 Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify CVE-2023-24007 WordPress Admin Block Country Plugin <= 7.1.4 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2026-3191 Minify HTML <= 2.1.12 - Cross-Site Request Forgery to Plugin Settings Update