1. Home
  2. CVE Database
  3. CVE-2021-24249
MEDIUM · 6.5

CVE-2021-24249

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in adminis...

Vulnerability Description

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Strategy11Business Directory Plugin - Easy Listing Directories< 5.11.2

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2021-24249?

CVE-2021-24249 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in adminis...

How severe is CVE-2021-24249?

CVE-2021-24249 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24249?

Check the references section above for vendor advisories and patch information. Affected products include: Strategy11 Business Directory Plugin - Easy Listing Directories.