Lucene search
+L

13 matches found

cvelist
cvelist
added 2026/07/03 4:30 a.m.41 views

CVE-2026-8892 CM Business Directory <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Business Address Meta Fields

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
cve
cve
added 2026/07/03 4:30 a.m.19 views

CVE-2026-8892

CVE-2026-8892 affects the CM Business Directory plugin for WordPress (versions up to and including 1.5.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via the Business Address Meta Fields, caused by insufficient input sanitization and output escaping. Authenticated attackers with con...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/07/03 4:30 a.m.9 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/02/20 1:27 p.m.7 views

CVE-2026-25004

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through = 1.5.3...

5.9CVSS5.5AI score0.00226EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/19 8:26 a.m.4 views

CVE-2026-25004 WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through = 1.5.3...

5.9CVSS5.9AI score0.00226EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.10 views

WordPress plugin CM Business Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00226EPSS
Exploits0References1
patchstack
patchstack
added 2026/01/16 1:40 p.m.8 views

WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Arif Shaikh in WordPress Plugin CM Business Directory versions = 1.5.3...

5.4AI score0.00226EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31203

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00223EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/09/26 1:47 a.m.4 views

CVE-2025-10178 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbdfeaturedimage' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00223EPSS
Exploits0References5
cvelist
cvelist
added 2025/09/26 1:47 a.m.10 views

CVE-2025-10178 CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbdfeaturedimage' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00223EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/09/26 12:0 a.m.5 views

WordPress plugin CM Business Directory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/11/26 12:0 a.m.7 views

WordPress plugin多款产品 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.1CVSS7.8AI score0.00584EPSS
Exploits0References16
patchstack
patchstack
added 2024/11/25 9:52 p.m.1 views

WordPress CM Business Directory plugin <= 1.4.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin CM Business Directory versions = 1.4.1...

6.1CVSS8.1AI score0.00584EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder