WordPress Plugin Vulnerabilities

Business Directory Plugin < 6.3.10 - Contributor+ Arbitrary Listing Deletion

Description

The plugin is vulnerable to unauthorized loss of data due to a missing capability check on the 'dispatch' function, allowing authenticated attackers, with contributor-level access and above, to delete listings.

Affects Plugins

Plugin icon
business-directory-plugin
Fixed in 6.3.10

References

CVE
CVE-2023-51516
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea3c5188-4570-4958-8b2d-69048b10c5f9

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
2.7 (low)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
26d308ef-d79e-4bb6-bd73-534710306b3a

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-03 (about 2 years ago)
Last Updated
2024-01-03 (about 2 years ago)

Other

Published
Title
Published
2026-02-17
Title
Business Directory Plugin < 6.4.21 - Missing Authorization to Unauthenticated Arbitrary Listing Modification
Published
2023-11-28
Title
IdeaPush < 8.58 - Subscriber+ Memory Tab/Routine/Taxonomy Creation
Published
2023-10-24
Title
DoLogin Security < 3.8 - Missing Authorization via REST Endpoints
Published
2026-02-10
Title
Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update
Published
2025-01-25
Title
Quiz Maker Business, Developer, and Agency - Unauthenticated Arbitrary Shortcode Execution