Lucene search
K

57 matches found

CNNVD
CNNVD
added 2024/11/01 12:0 a.m.3 views

WordPress plugin GeoDirectory 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.5AI score0.00421EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.14 views

WordPress GeoDirectory Plugin <= 2.3.80 is vulnerable to Cross Site Scripting (XSS)

Software GeoDirectory Type Plugin Vulnerable versions = 2.3.80 Fixed in 2.3.81 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50437 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4d145dfd1bc3 Credits João Pedro S Alcântara Kinorth Required...

6.5CVSS6.8AI score0.00241EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/08/18 12:0 a.m.5 views

WordPress plugin GeoDirectory SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

8.8CVSS7.8AI score0.00441EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/07 11:34 a.m.4 views

WordPress GeoDirectory plugin <= 2.3.61 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin GeoDirectory versions = 2.3.61...

8.8CVSS8.1AI score0.00441EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/23 3:0 a.m.6 views

WordPress GeoDirectory plugin <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'gdsingletabs' Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin GeoDirectory versions = 2.3.48...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.14 views

WordPress GeoDirectory Plugin <= 2.3.48 is vulnerable to Cross Site Scripting (XSS)

Software GeoDirectory Type Plugin Vulnerable versions = 2.3.48 Fixed in 2.3.49 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3732 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8257046e843f Credits Krzysztof Zając Required...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/12/28 7:15 p.m.13 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...

5.8CVSS8AI score0.00545EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/28 6:23 p.m.10 views

CVE-2023-50845 WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...

7.6CVSS7.9AI score0.00545EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/28 6:23 p.m.26 views

CVE-2023-50845 WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or...

7.6CVSS8.1AI score0.00545EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/27 3:24 p.m.6 views

CVE-2023-0278 GeoDirectory < 2.2.24 - Admin+ SQLi

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.4AI score0.00764EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.3 views

WordPress Plugin GeoDirectory SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

7.2CVSS7.6AI score0.00764EPSS
Exploits1References3
Patchstack
Patchstack
added 2023/02/01 12:0 a.m.9 views

WordPress GeoDirectory Plugin < 2.2.24 is vulnerable to SQL Injection

Software GeoDirectory Type Plugin Vulnerable versions 2.2.24 Fixed in 2.2.24 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0278 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID d8f1393a7ea2 Credits Daniel Krohmer Required privilege Administrator...

7.2CVSS7.2AI score0.00764EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/23 2:32 p.m.12 views

CVE-2022-4775 GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.5AI score0.00471EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.14 views

WordPress plugin The GeoDirectory 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/12/29 12:0 a.m.18 views

GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note:...

5.4CVSS2.7AI score0.00471EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/02 12:0 a.m.13 views

GeoDirectory < 2.1.1.3 - Authenticated (admin+) Stored Cross-Site Scripting (XSS)

The GeoDirectory plugin was vulnerable to Authenticated admin+ Stored Cross-Site Scripting XSS. PoC POST /wp-admin/admin.php?page=gd-settings=general=location HTTP/1.1 ..SNIP.. Content-Disposition: form-data; name="defaultlocationlatitude" prompt/XSS/ ..SNIP...

5.4CVSS1.2AI score0.00854EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/09/02 12:0 a.m.17 views

WordPress GeoDirectory plugin <= 2.1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress GeoDirectory plugin versions = 2.1.1.2. Solution Update the WordPress GeoDirectory plugin to the latest available version at least 2.1.1.3...

5.4CVSS2.1AI score0.00854EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder