Strategy11 CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Strategy11 Subscriptions

Search

Switch to Advanced Search (Beta)

Total 27 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-24249	1 Strategy11	1 Business Directory Plugin - Easy Listing Directories	2024-11-21	6.5 Medium
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
CVE-2021-24248	1 Strategy11	1 Business Directory Plugin - Easy Listing Directories	2024-11-21	7.2 High
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE
CVE-2021-24179	1 Strategy11	1 Business Directory Plugin - Easy Listing Directories	2024-11-21	8.8 High
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.
CVE-2021-24178	1 Strategy11	1 Business Directory Plugin - Easy Listing Directories	2024-11-21	8.8 High
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.
CVE-2019-15780	1 Strategy11	1 Formidable Form Builder	2024-11-21	9.8 Critical
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
CVE-2017-20194	1 Strategy11	2 Formidable Form Builder, Formidable Forms	2024-10-30	5.3 Medium
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.
CVE-2017-20192	1 Strategy11	1 Formidable Forms	2024-10-16	8.3 High
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.

« first previous Page 2 of 2.