237 matches found
CVE-2026-1656
CVE-2026-1656 concerns the WordPress Business Directory Plugin (versions up to and including 6.4.20). The root cause is a missing authorization check in the wpbdp_ajax action, enabling unauthenticated attackers to bypass controls and modify arbitrary listings (titles, content, email addresses) by...
CVE-2026-1656 Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email...
CVE-2026-2576
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-2576
The CVE-2026-2576 entry concerns the WordPress plugin “Business Directory Plugin – Easy Listing Directories” (Business Directory Plugin). The vulnerability is a time-based SQL Injection exploitable via the payment parameter in all versions up to and including 6.4.2. It arises from insufficient es...
CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Business Directory Plugin plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions = 6.4.20...
PT-2026-20329
Name of the Vulnerable Software and Affected Versions Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 6.4.3 Description The Business Directory Plugin – Easy Listing Directories for WordPress is susceptible to time-based SQL Injection. This is due to inadequate...
WordPress plugin Business Directory Plugin – Easy Listing Directories SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
CVE-2026-1866
The WordPress plugin Name Directory (vulnerable up to 1.32.0) is affected by a Stored XSS due to double HTML-entity encoding in its sanitization flow. The plugin decodes HTML entities before wp_kses and decodes output again, enabling unauthenticated attackers to inject scripts via the public subm...
CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling htmlentitydecode before wpkses, and then calling htmlentitydecode again on...
CVE-2026-1279
The CVE-2026-1279 entry concerns the WordPress Employee Directory plugin (versions up to and including 1.2.1). It describes Stored Cross-Site Scripting via the form_title parameter in the search_employee_directory shortcode, caused by insufficient input sanitization and output escaping. Authentic...
EUVD-2026-5610
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formtitle' parameter in the searchemployeedirectory shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Employee Directory 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-69184
CVE-2025-69184 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Institutions Directory (versions up to and including 1.3.4). Public details in the Connected documents confirm an access control misconfiguration that could allow exploitation due to inc...
CVE-2025-69181 WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through = 1.3.4...
CVE-2025-68058 WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3..4...
WordPress Name Directory plugin <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability
Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by zer0gh0st in WordPress Plugin Name Directory versions = 1.30.3...
CVE-2025-15283
CVE-2025-15283 refers to the WordPress plugin Name Directory (versions up to 1.30.3) with a stored cross-site scripting (XSS) flaw in the name_directory_name and name_directory_description parameters. Public sources (Wordfence Intelligence) document unauthenticated exploitation and a high-severit...
CVE-2022-23105
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations...