Filtered by vendor Fivestarplugins
Subscriptions
Filtered by product Five Star Business Profile And Schema
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25060 | 1 Fivestarplugins | 1 Five Star Business Profile And Schema | 2024-11-21 | 5.4 Medium |
| The Five Star Business Profile and Schema WordPress plugin before 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Furthermore, due to the lack of sanitisation, it also lead to Stored Cross-Site Scripting issues | ||||
Page 1 of 1.