515 matches found
Business Directory Plugin <= 6.4.2 - SQL Injection
The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-8892
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-8892 CM Business Directory <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Business Address Meta Fields
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-41491
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-8892
CVE-2026-8892 affects the CM Business Directory plugin for WordPress (versions up to and including 1.5.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via the Business Address Meta Fields, caused by insufficient input sanitization and output escaping. Authenticated attackers with con...
CVE-2026-8892
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress CM Business Directory – Optimise and showcase local business plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CM Business Directory versions = 1.5.7...
WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions = 4.0.1...
CVE-2026-6070
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...
CVE-2026-6070
The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...
CVE-2026-57339
Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...
CVE-2026-57328
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57326
Unauthenticated Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57339
Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...
EUVD-2026-40110
Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...
CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Business Directory = 6.4.23 versions...
CVE-2026-57339
The CVE-2026-57339 entry concerns an Unauthenticated Broken Access Control flaw in the WordPress Business Directory plugin up to version 6.4.23 . The available data confirm the affected product and version range, with the underlying issue categorized as broken access control (no additional techni...
CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
EUVD-2026-40099
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57328
CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions