CVE-2021-24251

Name of the Vulnerable Software and Affected Versions The Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 5.11.2

Description The issue allows an attacker to perform a Cross-Site Request Forgery, enabling them to make a logged-in administrator update arbitrary payment history. This can include changing the status of payments, for example, from pending to completed.

Recommendations For versions prior to 5.11.2, update to version 5.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to payment history update functionality until the update is applied.