Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2025-01-25

CVE-2024-12885 - Connections Business Directory Plugin

The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content.

PLUGIN Connections Business Directory

CVE-2024-12885

MEDIUM CVSS 6.5 2025-01-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24794 - Connections Business Directory Plugin

The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.

PLUGIN Connections Business Directory

CVE-2021-24794

MEDIUM CVSS 4.8 2021-11-01

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2024-12885 - Connections Business Directory Plugin

CVE-2021-24794 - Connections Business Directory Plugin

Company Links

Contact Us