GeoDirectory < 2.1.1.3 - Authenticated Stored Cross-Site Scripting (XSS)
CVE-2021-24720

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Business Directory Plugin | Geodirectory
Vendor: CVE Published:; 11 October 2021

Summary

The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).

Affected Version(s)

Business Directory Plugin | GeoDirectory 2.1.1.3

References

https://wpscan.com/vulnerability/9de5cc51-f64c-4475-a0f4-...

x_refsource_MISC

https://github.com/BigTiger2020/word-press/blob/main/Wrod...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2596452/geod...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Thinkland Security Team

.