The plugin called Business Directory on WordPress has a security issue where data can be changed without permission. This is because the dispatch() function does not have a check for capabilities. This means that people who are logged in and have the role of subscriber or higher can make changes to listings.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
