Lucene search
K

11 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.12 views

CVE-2026-6070

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...

9.1CVSS0.00409EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-39591 WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...

9.9CVSS0.00465EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-4526

Malware in sbrugna...

4.3CVSS6.4AI score0.01629EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-39088

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00492EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-21597

Malicious code in bioql PyPI...

9.3CVSS6.4AI score0.0035EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.7 views

CVE-2024-43981

Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70...

8.8CVSS6.9AI score0.00421EPSS
Exploits0
CVE
CVE
added 2024/12/13 2:23 p.m.39 views

CVE-2023-35052

The CVE-2023-35052 entry concerns the WordPress Directorist plugin (Directorist) ≤ 7.5.4, with a Missing Authorization vulnerability that allows exploitation of incorrectly configured access control security levels. The issue is described across multiple sources as enabling Arbitrary Content Dele...

4.3CVSS5.1AI score0.00492EPSS
Exploits0References1
NVD
NVD
added 2014/07/02 6:55 p.m.13 views

CVE-2014-4599

Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...

4.3CVSS5.9AI score0.01629EPSS
Exploits1References1
Prion
Prion
added 2014/07/02 6:55 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...

4.3CVSS6.2AI score0.01629EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2014/07/02 6:0 p.m.20 views

CVE-2014-4599

Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...

5.9AI score0.01629EPSS
Exploits1References1
CVE
CVE
added 2014/07/02 6:0 p.m.37 views

CVE-2014-4599

CVE-2014-4599 affects the WordPress WP-Business Directory (wp-ttisbdir) plugin, specifically version 1.0.2 and earlier. The vulnerability is multiple cross-site scripting (XSS) flaws in forms/search.php that allow remote attackers to inject arbitrary script/HTML via the edit, search_term, page_id...

4.3CVSS6AI score0.01629EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder