Filtered by vendor Strategy11
Subscribe
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24249 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc | |||||
| CVE-2021-24248 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE | |||||
| CVE-2021-24179 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. | |||||
| CVE-2021-24178 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. | |||||
| CVE-2019-15780 | 1 Strategy11 | 1 Formidable Form Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The formidable plugin before 4.02.01 for WordPress has unsafe deserialization. | |||||
| CVE-2017-20194 | 1 Strategy11 | 1 Formidable Form Builder | 2024-10-30 | N/A | 5.3 MEDIUM |
| The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. | |||||