CVE-2024-43277 WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15...

CVE-2024-43277

CVE-2024-43277 is a Missing Authorization (Broken Access Control) issue in the UsersWP WordPress plugin (Versions up to 1.2.15). The vulnerability arises from incorrectly configured access control security levels, enabling unauthorized access as described in the CVE entry. The affected product is...

CVE-2024-43277 WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15...

CVE-2024-43973 WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through = 2.8.11...

CVE-2024-43973

CVE-2024-43973 affects GetPaid (WordPress plugin) by AyeCode, with Missing Authorization via column_subscription() in versions up to 2.8.11. Public records (NVD/NVD-derived CVE feeds) confirm a broken access control allowing unauthorized activity related to GetPaid’s subscription data. PT-Securit...

CVE-2024-43981

CVE-2024-43981 is a Missing Authorization vulnerability in the GeoDirectory WordPress plugin (GeoDirectory – WP Business Directory Plugin and Classified Listings Directory). Affected range: GeoDirectory versions up to 2.3.70. The Red Hat and ENISA entries similarly describe the issue. The known r...

CVE-2024-50437

CVE-2024-50437 is a stored XSS vulnerability in the WordPress GeoDirectory plugin (versions

CVE-2024-50437 WordPress GeoDirectory plugin <= 2.3.80 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through = 2.3.80...

CVE-2024-43145

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61...

CVE-2024-43145

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61...

CVE-2024-43145

CVE-2024-43145 is a SQL Injection in the WordPress plugin GeoDirectory by AyeCode Ltd. It affects GeoDirectory versions up to 2.3.61 (authenticated, Subscriber+ context in disclosures). The root cause is improper neutralization of special elements in SQL queries, allowing an attacker with subscri...

CVE-2024-43145 WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61...

CVE-2024-31936

Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...

CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...

CVE-2024-31936

CVE-2024-31936 is a CSRF vulnerability in the WordPress plugin UsersWP by AyeCode Ltd. Affected versions are any before 1.2.6. The CVSS base metrics indicate a Medium severity (3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L; base score 5.4). The provided sources do not specify exploit details or...

CVE-2023-50845

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...

CVE-2023-50845 WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...

CVE-2023-50845

CVE-2023-50845 concerns the GeoDirectory WordPress plugins (GeoDirectory – WordPress Business Directory Plugin; Classified Directory) from AyeCode. Connected Red Hat entry confirms the issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting GeoDi...

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

Input validation

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...