Business Directory
CVE-2023-5803
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin - Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin - Easy Listing Directories for WordPress: from n/a through 6.3.10.
AnalysisAI
Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin - Easy Listing Directories for WordPress allows Cross-Site Request Forgery.3.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin - Easy Listing Directories for WordPress allows Cross-Site Request Forgery.3.10. Affected products include: Businessdirectoryplugin Business Directory. Version information: through 6.3.10..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
More in Business Directory
View allThe Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.
Broken Access Control in the Business Directory WordPress plugin (versions 6.4.23 and below) permits unauthenticated rem
Cross-site scripting in the Business Directory WordPress plugin (versions 6.4.22 and earlier) allows authenticated subsc
Unauthenticated cross-site scripting in the Business Directory WordPress plugin (versions <= 6.4.22) allows remote attac
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today