Lucene search
K

515 matches found

Nuclei
Nuclei
added yesterday78 views

Business Directory Plugin <= 6.4.2 - SQL Injection

The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS6AI score0.10272EPSS
Exploits1References4
NVD
NVD
added 6 days ago6 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-8892 CM Business Directory <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Business Address Meta Fields

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00212EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41491

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
CVE
CVE
added 6 days ago17 views

CVE-2026-8892

CVE-2026-8892 affects the CM Business Directory plugin for WordPress (versions up to and including 1.5.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via the Business Address Meta Fields, caused by insufficient input sanitization and output escaping. Authenticated attackers with con...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-8892

The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References8
Patchstack
Patchstack
added last week5 views

WordPress CM Business Directory – Optimise and showcase local business plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CM Business Directory versions = 1.5.7...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/01 9:45 a.m.8 views

WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions = 4.0.1...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-6070

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...

9.1CVSS0.00409EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 4:32 a.m.22 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-57339

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.8 views

CVE-2026-57328

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57326

Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.1CVSS0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57339

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 1:36 p.m.7 views

EUVD-2026-40110

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.31 views

CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.12 views

CVE-2026-57339

The CVE-2026-57339 entry concerns an Unauthenticated Broken Access Control flaw in the WordPress Business Directory plugin up to version 6.4.23 . The available data confirm the affected product and version range, with the underlying issue categorized as broken access control (no additional techni...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.30 views

CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.6 views

EUVD-2026-40099

Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.11 views

CVE-2026-57328

CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder