3 matches found
CVE-2024-13506
creationtimestamp| type| source ---|---|--- 2025-02-11 11:15:33+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvjsrhhua22 2025-02-11 13:11:14+00:00| seen| https://t.me/cvedetector/17705...
CVE-2024-13506
CVE-2024-13506 : GeoDirectory – WP Business Directory Plugin and Classified Listings Directory (WordPress)
CVE-2024-13506 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.97 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display_name Parameter
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the displayname profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. This...