CVE-2026-39566 WordPress DirectoryPress plugin <= 3.6.26 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through = 3.6.26...

CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...

WordPress DirectoryPress Plugin <= 3.6.10 is vulnerable to SQL Injection

Software DirectoryPress Type Plugin Vulnerable versions = 3.6.10 Fixed in 3.6.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-38755 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d658af932318 Credits Peng Zhou Required privilege Contributor Publish...

WordPress DirectoryPress Plugin <= 3.6.2 is vulnerable to Broken Access Control

Software DirectoryPress Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-37967 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f4392bc7ad6f Credits Abdi Pranata Required...