Vulnerabilities and security researches forconnections connections

Jun 06, 2024

CVE, Research URL: CVE-2011-5254
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Jan 12, 2013
Research Description: Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.
Affected versions: max 0.7.1.6.
Status: vulnerable

CVE, Research URL: CVE-2023-29437
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Jun 26, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.
Affected versions: max 10.4.37.
Status: vulnerable

CVE, Research URL: CVE-2020-36503
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Nov 01, 2021
Research Description: The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
Affected versions: max 9.7.
Status: vulnerable

CVE, Research URL: CVE-2016-0770
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Mar 16, 2017
Research Description: Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.
Affected versions: max 8.5.9.
Status: vulnerable

CVE, Research URL: CVE-2021-24794
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Nov 01, 2021
Research Description: The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
Affected versions: max 10.4.3.
Status: vulnerable

Jan 27, 2025

CVE, Research URL: CVE-2024-12885
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Jan 25, 2025
Research Description: The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content.
Affected versions: max 10.4.66.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 65eca907891dbfcf2681a4520081683ffbef5d93
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Feb 20, 2014
Research Description: Connections Business Directory [connections] < 0.7.9.4 (closed) Connections Business Directory < 0.7.9.4 - Cross-Site Scripting The Connections Business Directory for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 0.7.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 0.7.9.4.
Status: vulnerable

CVE, Research URL: 9748b513-3940-4c81-8995-15cb70d95d43
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: -
Research Description: Connections Business Directory [connections] < 0.7.9.4 (closed) Connections Business Directory <= 0.7.9.3 - Pagination URL H&ling XSS The Connections Business Directory WordPress plugin was affected by a Pagination URL H&ling XSS security vulnerability.
Affected versions: max 0.7.9.4.
Status: vulnerable

CVE, Research URL: d8069730be5a6f8a8f485d6e58e29a53506a268b
Home page URL: Security reports for Connections Business Directory
Application: Connections Business Directory
Date: Aug 01, 2014
Research Description: Connections Business Directory [connections] < 0.7.9.4 (closed) WordPress Connections Business Directory Plugin <= 0.7.9.3 - Cross-Site Scripting (XSS) vulnerability This plugin is prone to a Pagination URL H&ling XSS vulnerability. Update the plugin.
Affected versions: max 0.7.9.4.
Status: vulnerable