← back
CVE-2021-24794

Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting

EPSS 0.7%CWE-79
The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
Affected products
Unknown · Connections Business Directory

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5