cleantalk
Vulnerabilities and Security Researches

Business Directory Plugin – Easy Listing Directories for WordPress, CVE-2023-5527

CVE, Research URL

CVE-2023-5527

Home page URL

Security reports for Business Directory Plugin – Easy Listing Directories for WordPress

Application

Business Directory Plugin – Easy Listing Directories for WordPress

Published on
Jun 18, 2024
Research Description
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Affected versions
max 6.4.4.
Status
vulnerable
Previous vulnerability researches
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2021-24179) , Jun 07, 2024
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2023-5803) , Jun 07, 2024
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2021-24248) , Jun 07, 2024
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2021-24249) , Jun 07, 2024
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2021-24250) , Jun 07, 2024
New vulnerability
Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) (CVE-2025-10047) , Nov 11, 2025
Advanced Ads – Ad Manager & AdSense (CVE-2025-10487) , Nov 11, 2025
Social proof testimonials and reviews by Repuso (CVE-2025-62071) , Nov 11, 2025
Error Log Viewer by BestWebSoft (CVE-2025-9950) , Nov 11, 2025
Fidelo Snippet (CVE-2025-53351) , Nov 11, 2025