CVE-2026-57339
MediumCVSS 6.5Summary
The Business Directory plugin version 6.4.23 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.
Risk Assessment
The risk involves potential takeover of the business directory by an unauthenticated attacker, leading to modification, deletion, or theft of business data and compromise of site integrity.
Recommendation
Immediately update the Business Directory plugin to the latest available version that addresses this vulnerability. If an update is not possible, temporarily disable the plugin until a patch is applied.
Original NVD description (English source)
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.

