CVE-2021-24250

The Business Directory Plugin  Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
strategy11business_directory_plugin_-_easy_listing_directories
𝑥
< 5.11.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/e23bf712-d891-4df7-99cc-9ef64f19f685
https://wpscan.com/vulnerability/e23bf712-d891-4df7-99cc-9ef64f19f685