CVE-2021-25060
CVE-2021-25060 affects the WordPress plugin Five Star Business Profile and Schema (versions before 2.1.7). The issue arises from missing authorization and CSRF checks on the AJAX actions bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information, allowing any authenticated user (e.g...