57 matches found
WordPress plugin GeoDirectory 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress GeoDirectory Plugin <= 2.3.80 is vulnerable to Cross Site Scripting (XSS)
Software GeoDirectory Type Plugin Vulnerable versions = 2.3.80 Fixed in 2.3.81 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50437 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4d145dfd1bc3 Credits João Pedro S Alcântara Kinorth Required...
WordPress plugin GeoDirectory SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin GeoDirectory versions = 2.3.61...
WordPress GeoDirectory plugin <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'gdsingletabs' Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin GeoDirectory versions = 2.3.48...
WordPress GeoDirectory Plugin <= 2.3.48 is vulnerable to Cross Site Scripting (XSS)
Software GeoDirectory Type Plugin Vulnerable versions = 2.3.48 Fixed in 2.3.49 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3732 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8257046e843f Credits Krzysztof Zając Required...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...
CVE-2023-50845 WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...
CVE-2023-50845 WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...
CVE-2023-0278 GeoDirectory < 2.2.24 - Admin+ SQLi
The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
WordPress Plugin GeoDirectory SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress GeoDirectory Plugin < 2.2.24 is vulnerable to SQL Injection
Software GeoDirectory Type Plugin Vulnerable versions 2.2.24 Fixed in 2.2.24 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0278 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID d8f1393a7ea2 Credits Daniel Krohmer Required privilege Administrator...
CVE-2022-4775 GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode
The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
WordPress plugin The GeoDirectory 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note:...
GeoDirectory < 2.1.1.3 - Authenticated (admin+) Stored Cross-Site Scripting (XSS)
The GeoDirectory plugin was vulnerable to Authenticated admin+ Stored Cross-Site Scripting XSS. PoC POST /wp-admin/admin.php?page=gd-settings=general=location HTTP/1.1 ..SNIP.. Content-Disposition: form-data; name="defaultlocationlatitude" prompt/XSS/ ..SNIP...
WordPress GeoDirectory plugin <= 2.1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress GeoDirectory plugin versions = 2.1.1.2. Solution Update the WordPress GeoDirectory plugin to the latest available version at least 2.1.1.3...