115 matches found
CVE-2025-32249 WordPress DirectoryPress Plugin <= 3.6.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Designinvento DirectoryPress directorypress allows Cross Site Request Forgery.This issue affects DirectoryPress: from n/a through = 3.6.22...
WordPress DirectoryPress Plugin <= 3.6.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by thiennv in WordPress Plugin DirectoryPress versions = 3.6.22...
WordPress plugin DirectoryPress 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
CVE-2024-10581
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...
CVE-2024-10581
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...
CVE-2024-10581
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...
CVE-2024-10581 DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...
CVE-2024-10581 DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...
CVE-2024-10581
CVE-2024-10581 affects DirectoryPress Frontend for WordPress (
PT-2025-6498 · WordPress · Directorypress Frontend
Name of the Vulnerable Software and Affected Versions: DirectoryPress Frontend plugin for WordPress versions up to, and including, 2.7.9 Description: The issue is due to missing or incorrect nonce validation on the dpfl listingStatusChange function, making it possible for unauthenticated attacker...
WordPress plugin DirectoryPress Frontend 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress DirectoryPress Frontend plugin <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update vulnerability
Cross-Site Request Forgery to Listing Status Update vulnerability discovered by incognito in WordPress Plugin DirectoryPress Frontend versions = 2.7.9...
CVE-2024-38755
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10...
CVE-2024-32567
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7...
CVE-2024-49633
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...
CVE-2024-49633
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19...
CVE-2024-49633
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...
CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...
CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...
CVE-2024-49633
CVE-2024-49633 affects the WordPress plugin DirectoryPress (vulnerable: ≤ 3.6.19) with a Reflected XSS caused by improper neutralization of input during web page generation. Wordfence reports this vulnerability in the DirectoryPress entry and notes it has been patched in 3.6.19 ; no exploit detai...