Connections Business Directory <= 8.5.8 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2016-02-01

Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable.

CVE

https://www.cve.org/CVERecord?id=CVE-2016-0770

CVSS

Score:6.1

Severity:Medium

Version: 8.5.8

There is a patch available in v8.5.9 and we strongly recommend you update to this version as soon as possible.