Lucene search
K

115 matches found

CNNVD
CNNVD
added 2025/01/07 12:0 a.m.7 views

WordPress plugin DirectoryPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS7.7AI score0.0031EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/06 11:53 a.m.5 views

WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin DirectoryPress versions = 3.6.19...

7.1CVSS6.1AI score0.0031EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/12/24 11:15 a.m.5 views

CVE-2024-10584

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

5.4CVSS5.9AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2024/12/24 11:15 a.m.8 views

CVE-2024-10584

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

5.4CVSS0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/24 11:9 a.m.16 views

CVE-2024-10584 DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

5.4CVSS0.00287EPSS
Exploits0References2
CVE
CVE
added 2024/12/24 11:9 a.m.57 views

CVE-2024-10584

CVE-2024-10584 affects the DirectoryPress – Business Directory And Classified Ad Listing WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to 3.6.16 due to insufficient input sanitization/output escaping. Exploitation requires authenticated ...

5.4CVSS6.1AI score0.00287EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/24 11:9 a.m.7 views

CVE-2024-10584 DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

5.4CVSS5.2AI score0.00287EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/24 12:16 a.m.4 views

WordPress DirectoryPress plugin <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin DirectoryPress versions = 3.6.16...

5.4CVSS5.7AI score0.00287EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.4 views

WordPress plugin DirectoryPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

5.4CVSS8.2AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/24 12:0 a.m.6 views

PT-2024-16383 · WordPress · Directorypress

Name of the Vulnerable Software and Affected Versions: DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress versions up to, and including, 3.6.16 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input...

5.4CVSS8.2AI score0.00287EPSS
Exploits0References8
OSV
OSV
added 2024/12/13 3:15 p.m.1 views

CVE-2023-37967

Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.7 views

CVE-2023-37967

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through = 3.6.2...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.10 views

CVE-2023-37967 WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through = 3.6.2...

6.5CVSS7.3AI score0.0057EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.18 views

CVE-2023-37967 WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability

Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2...

6.5CVSS0.0057EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:23 p.m.51 views

CVE-2023-37967

CVE-2023-37967 is a vulnerability in the WordPress plugin DirectoryPress (

9.8CVSS8AI score0.0057EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.3 views

WordPress plugin DirectoryPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8AI score0.0057EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.6 views

PT-2024-12669 · Unknown · Directorypress

Name of the Vulnerable Software and Affected Versions: DirectoryPress versions 3.6.2 and earlier Description: The issue is related to a missing authorization vulnerability in Designinvento DirectoryPress, which allows exploiting incorrectly configured access control security levels. This problem...

9.8CVSS8.8AI score0.0057EPSS
Exploits0References11
OSV
OSV
added 2024/07/22 11:15 a.m.5 views

CVE-2024-38755

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10...

8.8CVSS5.8AI score0.00656EPSS
Exploits0References1
NVD
NVD
added 2024/07/22 11:15 a.m.36 views

CVE-2024-38755

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10...

8.8CVSS0.00656EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/22 10:9 a.m.38 views

CVE-2024-38755 WordPress DirectoryPress plugin <= 3.6.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10...

8.5CVSS0.00656EPSS
Exploits0References1
Rows per page
Query Builder