Esterox

esterox

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5807 1Esterox 1Business Card Jun 17, 2026 Jul 30, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, e...Show more The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.Show less
CVE-2024-4532 1Esterox 1Business Card Jun 17, 2026 May 27, 2024 N/A· v4 6.4 MEDIUM· v3 N/A· v2 The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks
CVE-2024-4531 1Esterox 1Business Card Jun 17, 2026 May 27, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks
CVE-2024-4530 1Esterox 1Business Card Jun 17, 2026 May 27, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks
CVE-2024-4529 1Esterox 1Business Card Jun 17, 2026 May 27, 2024 N/A· v4 5.0 MEDIUM· v3 N/A· v2 The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks