Filtered by vendor Fivestarplugins
Subscribe
Filtered by product Five Star Business Profile And Schema
Subscribe
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25060 | 1 Fivestarplugins | 1 Five Star Business Profile And Schema | 2022-02-28 | 3.5 LOW | 5.4 MEDIUM |
| The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues | |||||