Lucene search
+L

239 matches found

wpvulndb
wpvulndb
added 2024/06/17 12:0 a.m.12 views

Business Directory Plugin < 6.4.4 - Authenticated (Author+) CSV Injection

Description The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported...

8CVSS7.5AI score0.00492EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/06/14 2:15 a.m.3 views

CVE-2023-51516

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9...

5.4CVSS5.8AI score0.00314EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/06/14 12:58 a.m.14 views

CVE-2023-51516 WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9...

5.4CVSS5.6AI score0.00314EPSS
Exploits0References1
osv
osv
added 2024/06/13 6:15 a.m.7 views

CVE-2024-3552

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...

9.8CVSS5.8AI score0.67288EPSS
Exploits4References1
cve
cve
added 2024/06/13 6:0 a.m.153 views

CVE-2024-3552

CVE-2024-3552 affects the Web Directory Free WordPress plugin prior to 1.7.0. An unauthenticated AJAX action uses an unsanitised parameter in a SQL statement, enabling SQL injection via UNION, time-based, and error-based techniques, potentially compromising the database. The nuclei template confi...

9.8CVSS9.9AI score0.67288EPSS
Exploits4References1Affected Software1
githubexploit
githubexploit
added 2024/05/26 4:34 p.m.497 views

Exploit for SQL Injection in Businessdirectoryplugin Business_Directory

CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin – Ea...

9.8CVSS7AI score0.10272EPSS
Exploits1
nvd
nvd
added 2024/05/22 6:15 a.m.43 views

CVE-2024-4443

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS9.7AI score0.10272EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/05/22 5:32 a.m.23 views

CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS7.4AI score0.10272EPSS
Exploits1References3
patchstack
patchstack
added 2024/05/22 12:0 a.m.20 views

WordPress Business Directory Plugin Plugin <= 6.4.2 is vulnerable to SQL Injection

Software Business Directory Plugin Type Plugin Vulnerable versions = 6.4.2 Fixed in 6.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4443 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e684c455bb1f Credits Krzysztof Zając Required privilege...

9.8CVSS6.7AI score0.10272EPSS
Exploits1References3Affected Software1
wpvulndb
wpvulndb
added 2024/05/21 12:0 a.m.13 views

Business Directory Plugin – Easy Listing Directories for WordPress < 6.4.3 - Unauthenticated SQL Injection via listingfields Parameter

Description The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of...

9.8CVSS7.3AI score0.10272EPSS
Exploits1References1Affected Software1
osv
osv
added 2024/04/23 10:15 a.m.5 views

CVE-2024-3732

The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdsingletabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/04/23 12:0 a.m.9 views

PT-2024-27475 · WordPress · Geodirectory

Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WordPress Business Directory Plugin versions up to, and including, 2.3.48 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gd single tabs' shortcode due to insufficient input sanitization a...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References6
nvd
nvd
added 2024/02/29 1:43 a.m.27 views

CVE-2024-1322

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

5.3CVSS5.1AI score0.00524EPSS
Exploits0References3
cve
cve
added 2024/02/20 6:56 p.m.143 views

CVE-2024-1322

The CVE affects the Directorist – WordPress Business Directory Plugin with Classified Ads Listings up to version 7.8.4. The root cause is a missing capability check in the setup_wizard, enabling unauthenticated attackers to modify data, recreate default pages, and enable/disable monetization or c...

5.3CVSS5.4AI score0.00524EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2024/02/20 6:56 p.m.28 views

CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

5.3CVSS5.3AI score0.00524EPSS
Exploits0References3
osv
osv
added 2024/01/16 4:15 p.m.4 views

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...

5.4CVSS5.6AI score0.00395EPSS
Exploits2References1
cve
cve
added 2024/01/16 3:56 p.m.65 views

CVE-2023-4757

CVE-2023-4757 affects the WordPress plugin “Staff / Employee Business Directory for Active Directory” (LDAP/AD directory plugin) prior to version 1.2.3. The root cause is improper escaping of data returned from the LDAP server, allowing LDAP-controlled entries to inject malicious JavaScript when ...

5.4CVSS5.4AI score0.00395EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2023/12/27 12:0 a.m.15 views

WordPress Business Directory Plugin Plugin <= 6.3.9 is vulnerable to Broken Access Control

Software Business Directory Plugin Type Plugin Vulnerable versions = 6.3.9 Fixed in 6.3.10 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51516 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 687ed5f097a7 Credits thiennv Required...

5.4CVSS6.5AI score0.00314EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/11/30 4:15 p.m.4 views

CVE-2023-5803

Cross-Site Request Forgery CSRF vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10...

8.8CVSS5.8AI score0.00277EPSS
Exploits0References1
cve
cve
added 2023/11/30 3:57 p.m.56 views

CVE-2023-5803

CVE-2023-5803 affects the WordPress plugin Business Directory Plugin – Easy Listing Directories for WordPress (versions up to 6.3.10). The issue is a Cross-Site Request Forgery (CSRF) due to missing CSRF checks in some locations. Patchstack notes the fix is in version 6.3.11; other sources corrob...

8.8CVSS8AI score0.00277EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder