11 matches found
CVE-2026-6070
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...
CVE-2026-39591 WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
EUVD-2014-4526
Malware in sbrugna...
EUVD-2023-39088
Malicious code in bioql PyPI...
EUVD-2025-21597
Malicious code in bioql PyPI...
CVE-2024-43981
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70...
CVE-2023-35052
The CVE-2023-35052 entry concerns the WordPress Directorist plugin (Directorist) ≤ 7.5.4, with a Missing Authorization vulnerability that allows exploitation of incorrectly configured access control security levels. The issue is described across multiple sources as enabling Arbitrary Content Dele...
CVE-2014-4599
Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...
CVE-2014-4599
Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...
CVE-2014-4599
CVE-2014-4599 affects the WordPress WP-Business Directory (wp-ttisbdir) plugin, specifically version 1.0.2 and earlier. The vulnerability is multiple cross-site scripting (XSS) flaws in forms/search.php that allow remote attackers to inject arbitrary script/HTML via the edit, search_term, page_id...