This vulnerability in CMSJunkie's WP-BusinessDirectory WordPress plugin (versions up to 3.1.4) allows an attacker to conduct Blind SQL Injection attacks by exploiting improper neutralization of special elements in SQL commands. The flaw enables remote, unauthenticated attackers to extract sensitive information from the database, impacting confidentiality and causing limited availability disruption. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and scope change with high confidentiality impact and low availability impact.

Successful exploitation can lead to unauthorized disclosure of sensitive database information (confidentiality impact is high). The availability impact is low, meaning the service may experience minor disruptions. Integrity impact is not indicated. The vulnerability can be exploited remotely without authentication or user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin to mitigate risk. Monitor vendor channels for updates and apply patches promptly once released.