16 matches found
CVE-2025-10488
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
WordPress plugin Directorist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
EUVD-2025-35929
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
CVE-2025-10488
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
CVE-2025-10488
CVE-2025-10488 — Directorist (WordPress)
CVE-2025-10488 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...
PT-2025-43716
Name of the Vulnerable Software and Affected Versions Directorist versions up to and including 8.4.8 Description The Directorist plugin for WordPress is susceptible to arbitrary file move due to inadequate file path validation within the add listing action AJAX action. This allows unauthenticated...
VulnCheck KEV: CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
Authentication flaw
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
PT-2023-21067 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API plugin for WordPress versions up to, and including, 3.9.2 Description: The issue is related to insufficient verification of the user being supplied during the "add listing" REST API request through the plugin. This allows...
CVE-2021-24253
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to...
scoot.co.uk XSS vulnerability
Vulnerable URL: http://www.scoot.co.uk/add-listing?campaignidentifier="'--!confirmOPENBUGBOUNTY...
iDev Rentals 1.0 - Multiple Vulnerabilities
iDev Rentals 1.0 - Multiple Vulnerabilities Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================...
iDev Rentals 1.0 Cross Site Scripting
Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...