CVE-2021-24179

Name of the Vulnerable Software and Affected Versions: The Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 5.11

Description: The issue allows an attacker to make a logged-in administrator import files due to a Cross-Site Request Forgery problem. Additionally, the plugin's failure to validate uploaded files could lead to Remote Code Execution (RCE).

Recommendations: For versions prior to 5.11, update to version 5.11 or later to resolve the issue. As a temporary workaround, consider restricting file import functionality to minimize the risk of exploitation. Avoid using the file import feature until the issue is resolved.