Aggregates CVE and security vulnerability intelligence across all connections-pro-related products, including CVSS scores, EPSS scores, and publication dates.
Historical issues mainly involve cross-site scripting, denial of service, and related problems; some flaws may lead to session compromise.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-13926 | The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS. | [email protected] | 7.5 | 0.48% | 2025-04-19 | 2025-05-28 |
| CVE-2023-29437 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions. | [email protected] | 6.5 | 0.08% | 2023-06-26 | 2024-11-21 |
| CVE-2021-24794 | The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed. | [email protected] | 4.8 | 0.27% | 2021-11-01 | 2024-11-21 |
| CVE-2020-36503 | The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue | [email protected] | 8.0 | 1.27% | 2021-11-01 | 2024-11-21 |