{"id":"CVE-2021-24794","details":"The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.","modified":"2026-04-10T04:30:52.450489Z","published":"2021-11-01T09:15:09.477Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/connections-business-directory/connections","events":[{"introduced":"0"},{"fixed":"ab8e2391791cd4b0b1646ce9e932a48b203b08d6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.4.3"}]}}],"versions":["0.7.3.2","0.7.3.3","0.7.3.4","0.7.3.5","0.7.3.6","0.7.3.7","0.7.4","0.7.4.1","0.7.5","0.7.5.1","0.7.6","0.7.6.1","0.7.6.2","0.7.6.3","0.7.6.4","0.7.6.5","0.7.6.6","0.7.7","0.7.8","0.7.8.1","0.7.9","0.7.9.1","0.7.9.2","0.7.9.3","0.7.9.4","0.7.9.5","0.7.9.6","0.7.9.7","0.8.10","0.8.11","0.8.12","0.8.13","0.8.14","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.8","0.8.9","10.0","10.1","10.2","10.3","10.3.1","10.3.2","10.4","10.4.1","10.4.2","8.1","8.1.1","8.1.2","8.1.3","8.1.4","8.1.5","8.1.6","8.10","8.11","8.12","8.13","8.14","8.15","8.16","8.17","8.18","8.19","8.19.1","8.2","8.2.1","8.2.10","8.2.2","8.2.23","8.2.3","8.2.4","8.2.5","8.2.6","8.2.7","8.2.8","8.2.9","8.20","8.21","8.22","8.23","8.24","8.25","8.25.1","8.26","8.27","8.28","8.28.1","8.28.2","8.28.3","8.28.4","8.28.5","8.29","8.3","8.3.1","8.3.2","8.3.3","8.30","8.30.1","8.31","8.32","8.33","8.34","8.35","8.36","8.36.1","8.37","8.38","8.38.1","8.39","8.39.1","8.4","8.4.1","8.4.2","8.4.3","8.4.4","8.4.5","8.40","8.40.1","8.40.2","8.41","8.41.1","8.41.2","8.42","8.42.1","8.43","8.44","8.44.1","8.5","8.5.1","8.5.10","8.5.11","8.5.12","8.5.13","8.5.14","8.5.15","8.5.16","8.5.17","8.5.18","8.5.19","8.5.2","8.5.20","8.5.21","8.5.22","8.5.24","8.5.25","8.5.26","8.5.27","8.5.28","8.5.29","8.5.3","8.5.30","8.5.31","8.5.32","8.5.4","8.5.5","8.5.6","8.5.7","8.5.8","8.5.9","8.6","8.6.1","8.6.10","8.6.11","8.6.12","8.6.2","8.6.3","8.6.4","8.6.5","8.6.6","8.6.7","8.6.8","8.6.9","8.7","8.7.1","8.8","8.9","9.0","9.0.1","9.0.2","9.1","9.1.1","9.10","9.11","9.12","9.13","9.14","9.15","9.16","9.17","9.2","9.3","9.3.1","9.3.2","9.4","9.4.1","9.4.2","9.4.3","9.4.4","9.4.5","9.4.6","9.4.7","9.4.8","9.5","9.5.1","9.6","9.7","9.7.1","9.7.2","9.8","9.8.1","9.8.2","9.9","9.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24794.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}