57 matches found
WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by dodoh4t in WordPress Plugin GeoDirectory versions = 2.8.161...
CVE-2026-54831
CVE-2026-54831 affects WordPress GeoDirectory plugin versions 2.8.162 and earlier. It describes an unauthenticated SQL injection vulnerability in GeoDirectory, with CVSS 3.1 indicating network access, no user interaction, high confidentiality impact, and critical overall severity. The provided do...
WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability
SQL Injection vulnerability discovered by manop55555 in WordPress Plugin GeoDirectory versions = 2.8.162...
CVE-2026-39512
WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...
CVE-2026-11616
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
CVE-2026-11616 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
CVE-2026-11616
The CVE pertains to the WordPress plugin Events Calendar for GeoDirectory, affected in versions up to and including 2.3.28. The root cause is an ajax_ayi_action() path that applies strip_tags(esc_sql()) without an allow-list to attacker-controlled POST values, forwarding them to update_ayi_data()...
CVE-2026-24549
CVE-2026-24549 is a CSRF vulnerability in the WordPress GeoDirectory plugin. Affected software: GeoDirectory WordPress Plugin and Classified Listings Directory (GeoDirectory) with versions up to and including 2.8.149; the issue allows CSRF when authenticated users perform actions on behalf of an ...
CVE-2026-24549 WordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through = 2.8.149...
CVE-2025-12833 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
PT-2025-46565
Name of the Vulnerable Software and Affected Versions GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions prior to 2.8.139 Description The GeoDirectory plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This fl...
EUVD-2021-11632
Malware in sbrugna...
EUVD-2022-52071
Malicious code in bioql PyPI...
EUVD-2024-32306
Malicious code in bioql PyPI...
EUVD-2024-54820
Malicious code in bioql PyPI...
EUVD-2025-21113
Malicious code in bioql PyPI...
CVE-2024-13507
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-13507
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient...