CVE-2026-3489

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability

WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin = 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin DirectoryPress versions = 3.6.26...

CVE-2026-3489

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

CVE-2026-3489

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

CVE-2026-3489

The CVE-2026-3489 entry concerns the DirectoryPress WordPress plugin (Business Directory and Classified Ad Listing) with vulnerable versions up to 3.6.26. The issue is an SQL Injection via the 'packages' parameter caused by insufficient escaping of user input and inadequate SQL query preparation,...

PT-2026-33309

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

CVE-2026-23548

CVE-2026-23548 is a broken access control vulnerability in the WordPress DirectoryPress plugin up to version 3.6.25. The root cause is missing authorization caused by incorrectly configured access control security levels in DirectoryPress directorypress, potentially enabling unauthorized access f...

CVE-2026-23548 WordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through = 3.6.25...

CVE-2025-62967 WordPress DirectoryPress plugin <= 3.6.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through = 3.6.25...

CVE-2025-62967 WordPress DirectoryPress plugin <= 3.6.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through = 3.6.25...

EUVD-2024-33512

Malicious code in bioql PyPI...

EUVD-2025-4884

Malicious code in bioql PyPI...

CVE-2024-10584

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2025-32249

CVE-2025-32249 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress DirectoryPress plugin, affecting versions up to 3.6.19 (per multiple sources). The CVE entry notes a CSRF issue; the NVD entry lists a CVSS v3.1 base score of 5.4 (Medium) with network attack vector, low integrit...

WordPress plugin DirectoryPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

CVE-2024-10581

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

CVE-2024-10581

CVE-2024-10581 affects DirectoryPress Frontend for WordPress (

CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through = 3.6.19...

CVE-2024-49633

CVE-2024-49633 affects the WordPress plugin DirectoryPress (vulnerable: ≤ 3.6.19) with a Reflected XSS caused by improper neutralization of input during web page generation. Wordfence reports this vulnerability in the DirectoryPress entry and notes it has been patched in 3.6.19 ; no exploit detai...

CVE-2024-10584

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...