Vulnerabilities and security researches forbusiness-directory-plugin business-directory-plugin
Direction: ascendingBusiness Directory Plugin – Easy Listing Directories for WordPress # CVE-2021-24179
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 06, 2021
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.
- Affected versions
-
max 4.1.14.1.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2023-5803
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- Nov 30, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.
- Affected versions
-
max 6.3.11.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2021-24248
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 06, 2021
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE
- Affected versions
-
max 5.11.1.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2021-24249
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 06, 2021
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
- Affected versions
-
max 5.11.2.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2021-24250
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 06, 2021
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
- Affected versions
-
max 5.11.2.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2021-24251
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 06, 2021
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example)
- Affected versions
-
max 5.11.2.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2024-4443
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 22, 2024
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
-
max 6.4.3.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2021-24178
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- May 06, 2021
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.
- Affected versions
-
max 5.11.1.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2023-51516
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- Jun 14, 2024
- Research Description
- Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.
- Affected versions
-
max 6.3.10.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2023-5527
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- Jun 18, 2024
- Research Description
- The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
- Affected versions
-
max 6.4.4.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2024-13887
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- Mar 13, 2025
- Research Description
- The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings.
- Affected versions
-
max 6.4.15.
- Status
-
vulnerable
Business Directory Plugin – Easy Listing Directories for WordPress # CVE-2025-64219
- CVE, Research URL
- Home page URL
-
Security reports for Business Directory Plugin – Easy Listing Directories for WordPress
- Date
- Oct 29, 2025
- Research Description
- Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
- Affected versions
-
max 6.4.18.
- Status
-
vulnerable