239 matches found
Business Directory Plugin < 6.4.4 - Authenticated (Author+) CSV Injection
Description The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported...
CVE-2023-51516
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9...
CVE-2023-51516 WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9...
CVE-2024-3552
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...
CVE-2024-3552
CVE-2024-3552 affects the Web Directory Free WordPress plugin prior to 1.7.0. An unauthenticated AJAX action uses an unsanitised parameter in a SQL statement, enabling SQL injection via UNION, time-based, and error-based techniques, potentially compromising the database. The nuclei template confi...
Exploit for SQL Injection in Businessdirectoryplugin Business_Directory
CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin – Ea...
CVE-2024-4443
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Business Directory Plugin Plugin <= 6.4.2 is vulnerable to SQL Injection
Software Business Directory Plugin Type Plugin Vulnerable versions = 6.4.2 Fixed in 6.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4443 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e684c455bb1f Credits Krzysztof Zając Required privilege...
Business Directory Plugin – Easy Listing Directories for WordPress < 6.4.3 - Unauthenticated SQL Injection via listingfields Parameter
Description The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-3732
The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdsingletabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...
PT-2024-27475 · WordPress · Geodirectory
Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WordPress Business Directory Plugin versions up to, and including, 2.3.48 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gd single tabs' shortcode due to insufficient input sanitization a...
CVE-2024-1322
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
CVE-2024-1322
The CVE affects the Directorist – WordPress Business Directory Plugin with Classified Ads Listings up to version 7.8.4. The root cause is a missing capability check in the setup_wizard, enabling unauthenticated attackers to modify data, recreate default pages, and enable/disable monetization or c...
CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
CVE-2023-4757
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...
CVE-2023-4757
CVE-2023-4757 affects the WordPress plugin “Staff / Employee Business Directory for Active Directory” (LDAP/AD directory plugin) prior to version 1.2.3. The root cause is improper escaping of data returned from the LDAP server, allowing LDAP-controlled entries to inject malicious JavaScript when ...
WordPress Business Directory Plugin Plugin <= 6.3.9 is vulnerable to Broken Access Control
Software Business Directory Plugin Type Plugin Vulnerable versions = 6.3.9 Fixed in 6.3.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51516 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 687ed5f097a7 Credits thiennv Required...
CVE-2023-5803
Cross-Site Request Forgery CSRF vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10...
CVE-2023-5803
CVE-2023-5803 affects the WordPress plugin Business Directory Plugin – Easy Listing Directories for WordPress (versions up to 6.3.10). The issue is a Cross-Site Request Forgery (CSRF) due to missing CSRF checks in some locations. Patchstack notes the fix is in version 6.3.11; other sources corrob...