Lucene search
K

115 matches found

Cvelist
Cvelist
added 2025/04/04 3:59 p.m.18 views

CVE-2025-32249 WordPress DirectoryPress Plugin <= 3.6.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Designinvento DirectoryPress directorypress allows Cross Site Request Forgery.This issue affects DirectoryPress: from n/a through = 3.6.22...

5.4CVSS0.00212EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/04 1:38 p.m.7 views

WordPress DirectoryPress Plugin <= 3.6.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by thiennv in WordPress Plugin DirectoryPress versions = 3.6.22...

5.4CVSS6.9AI score0.00212EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.2 views

WordPress plugin DirectoryPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

5.4CVSS5.7AI score0.00212EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/17 12:30 p.m.9 views

CVE-2024-10581

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

4.3CVSS9.1AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2025/02/15 12:15 p.m.16 views

CVE-2024-10581

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

4.3CVSS0.00154EPSS
Exploits0References2
OSV
OSV
added 2025/02/15 12:15 p.m.6 views

CVE-2024-10581

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

4.3CVSS5.6AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/15 11:26 a.m.21 views

CVE-2024-10581 DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

4.3CVSS0.00154EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/15 11:26 a.m.14 views

CVE-2024-10581 DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

4.3CVSS4.3AI score0.00154EPSS
Exploits0References2
CVE
CVE
added 2025/02/15 11:26 a.m.54 views

CVE-2024-10581

CVE-2024-10581 affects DirectoryPress Frontend for WordPress (

4.3CVSS6.5AI score0.00154EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/15 12:0 a.m.5 views

PT-2025-6498 · WordPress · Directorypress Frontend

Name of the Vulnerable Software and Affected Versions: DirectoryPress Frontend plugin for WordPress versions up to, and including, 2.7.9 Description: The issue is due to missing or incorrect nonce validation on the dpfl listingStatusChange function, making it possible for unauthenticated attacker...

4.3CVSS9.4AI score0.00154EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/02/15 12:0 a.m.5 views

WordPress plugin DirectoryPress Frontend 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.2AI score0.00154EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/14 10:34 p.m.6 views

WordPress DirectoryPress Frontend plugin <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update vulnerability

Cross-Site Request Forgery to Listing Status Update vulnerability discovered by incognito in WordPress Plugin DirectoryPress Frontend versions = 2.7.9...

4.3CVSS7AI score0.00154EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 8:42 a.m.12 views

CVE-2024-38755

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10...

8.8CVSS7.7AI score0.00656EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 7:13 a.m.9 views

CVE-2024-32567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7...

7.1CVSS5.2AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:56 a.m.6 views

CVE-2024-49633

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2025/01/07 11:15 a.m.6 views

CVE-2024-49633

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19...

6.1CVSS7.3AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2025/01/07 11:15 a.m.7 views

CVE-2024-49633

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...

7.1CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 10:49 a.m.9 views

CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/07 10:49 a.m.18 views

CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...

7.1CVSS0.0031EPSS
Exploits0References1
CVE
CVE
added 2025/01/07 10:49 a.m.58 views

CVE-2024-49633

CVE-2024-49633 affects the WordPress plugin DirectoryPress (vulnerable: ≤ 3.6.19) with a Reflected XSS caused by improper neutralization of input during web page generation. Wordfence reports this vulnerability in the DirectoryPress entry and notes it has been patched in 3.6.19 ; no exploit detai...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder