Lucene search
K

237 matches found

CVE
CVE
added 2026/02/18 8:26 a.m.19 views

CVE-2026-1656

CVE-2026-1656 concerns the WordPress Business Directory Plugin (versions up to and including 6.4.20). The root cause is a missing authorization check in the wpbdp_ajax action, enabling unauthenticated attackers to bypass controls and modify arbitrary listings (titles, content, email addresses) by...

5.3CVSS5.7AI score0.0032EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/18 8:26 a.m.30 views

CVE-2026-1656 Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification

The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email...

5.3CVSS0.0032EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:35 a.m.7 views

CVE-2026-2576

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References5
CVE
CVE
added 2026/02/18 4:35 a.m.20 views

CVE-2026-2576

The CVE-2026-2576 entry concerns the WordPress plugin “Business Directory Plugin – Easy Listing Directories” (Business Directory Plugin). The vulnerability is a time-based SQL Injection exploitable via the payment parameter in all versions up to and including 6.4.2. It arises from insufficient es...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/18 4:35 a.m.31 views

CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS0.00432EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/18 4:35 a.m.17 views

CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/18 12:34 a.m.8 views

WordPress Business Directory Plugin plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions = 6.4.20...

5.3CVSS5.5AI score0.0032EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.15 views

PT-2026-20329

Name of the Vulnerable Software and Affected Versions Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 6.4.3 Description The Business Directory Plugin – Easy Listing Directories for WordPress is susceptible to time-based SQL Injection. This is due to inadequate...

7.5CVSS5.7AI score0.00432EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

WordPress plugin Business Directory Plugin – Easy Listing Directories SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References4
CVE
CVE
added 2026/02/10 9:26 a.m.17 views

CVE-2026-1866

The WordPress plugin Name Directory (vulnerable up to 1.32.0) is affected by a Stored XSS due to double HTML-entity encoding in its sanitization flow. The plugin decodes HTML entities before wp_kses and decodes output again, enabling unauthenticated attackers to inject scripts via the public subm...

7.2CVSS5.6AI score0.00256EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/10 9:26 a.m.42 views

CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling htmlentitydecode before wpkses, and then calling htmlentitydecode again on...

7.2CVSS0.00256EPSS
Exploits0References5
CVE
CVE
added 2026/02/06 7:24 a.m.18 views

CVE-2026-1279

The CVE-2026-1279 entry concerns the WordPress Employee Directory plugin (versions up to and including 1.2.1). It describes Stored Cross-Site Scripting via the form_title parameter in the search_employee_directory shortcode, caused by insufficient input sanitization and output escaping. Authentic...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/06 7:24 a.m.6 views

EUVD-2026-5610

The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00235EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

WordPress plugin Employee Directory 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References5
CVE
CVE
added 2026/01/22 4:52 p.m.13 views

CVE-2025-69184

CVE-2025-69184 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Institutions Directory (versions up to and including 1.3.4). Public details in the Connected documents confirm an access control misconfiguration that could allow exploitation due to inc...

7.3CVSS5.4AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.21 views

CVE-2025-69181 WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through = 1.3.4...

7.3CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.19 views

CVE-2025-68058 WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3..4...

7.6CVSS0.00282EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/14 1:53 p.m.5 views

WordPress Name Directory plugin <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by zer0gh0st in WordPress Plugin Name Directory versions = 1.30.3...

7.2CVSS5.7AI score0.00325EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/14 5:28 a.m.24 views

CVE-2025-15283

CVE-2025-15283 refers to the WordPress plugin Name Directory (versions up to 1.30.3) with a stored cross-site scripting (XSS) flaw in the name_directory_name and name_directory_description parameters. Public sources (Wordfence Intelligence) document unauthenticated exploitation and a high-severit...

7.2CVSS4.8AI score0.00325EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.8 views

CVE-2022-23105

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations...

6.5CVSS6.7AI score0.00449EPSS
Exploits0References1
Rows per page
Query Builder