239 matches found
CVE-2026-57707
The CVE-2026-57707 entry concerns WordPress Plugin Simple Business Directory Pro (versions up to 15.9.4) affected by an SQL Injection vulnerability. Affected component is the Simple Business Directory Pro plugin; root cause indicated as improper neutralization of special elements used in SQL comm...
CVE-2026-8892
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-41491
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-55498
Name of the Vulnerable Software and Affected Versions CM Business Directory versions prior to 1.5.8 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This occurs when...
CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57328
CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions
CVE-2026-57288
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...
EUVD-2026-38768
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...
PT-2026-49390
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...
CVE-2026-48918
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...
CVE-2026-48919
CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...
CVE-2026-48918
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-48916
The CVE-2026-48916 entry concerns Jenkins LDAP Plugin up to version 807.v7d7de30930cf and earlier, which follows LDAP referrals. The available connected documents identify the affected component (Jenkins LDAP Plugin) and the specific version range, with CVSSv3.1 vectors indicating Network attack,...
PT-2026-44011
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-3178
The CVE concerns the WordPress Name Directory plugin (affected: all versions up to 1.32.1) and a Stored XSS via the name_directory_name parameter. The vulnerability stems from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts into pages that...
CVE-2026-2576
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...