CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

503 matches found

Nuclei•added 13 hours ago•48 views

Business Directory Plugin <= 6.4.2 - SQL Injection

The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS5.8AI score0.10272EPSS

Exploits1References4

NVD•added yesterday•7 views

CVE-2026-57339

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

Exploits0References1

NVD•added yesterday•7 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

Exploits0References1

NVD•added yesterday•7 views

CVE-2026-57326

Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-40110

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-57339

The CVE-2026-57339 entry concerns an Unauthenticated Broken Access Control flaw in the WordPress Business Directory plugin up to version 6.4.23 . The available data confirm the affected product and version range, with the underlying issue categorized as broken access control (no additional techni...

6.5CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•23 views

CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-40099

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS5.8AI score

Exploits0References1

CVE•added yesterday•8 views

CVE-2026-57328

CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions

6.5CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•24 views

CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-40097

Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.1CVSS5.8AI score

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-57326

The CVE-2026-57326 entry concerns an Unauthenticated Cross Site Scripting (XSS) in the WordPress Business Directory plugin up to version 6.4.22 . The connected documents consistently describe the issue as an XSS vulnerability affecting that plugin version range. The vulnerability is reported with...

6.1CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•25 views

CVE-2026-57326 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

Exploits0References1

NVD•added 2026/06/19 6:16 p.m.•6 views

CVE-2019-25752

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS0.00366EPSS

Exploits0References4

Vulnrichment•added 2026/06/19 5:15 p.m.•6 views

CVE-2019-25752 Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS6.2AI score0.00366EPSS

Exploits0References4

Positive Technologies•added 2026/06/19 12:0 a.m.•14 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

8.8CVSS6.2AI score0.00366EPSS

Exploits0References8

EUVD•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36969

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS5.2AI score0.00465EPSS

Exploits0References2

NVD•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-39591

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS0.00465EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•26 views

CVE-2026-39591 WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS0.00465EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•8 views

CVE-2026-39591

The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...

9.9CVSS5.2AI score0.00465EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by