PT-2026-49390
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
PT-2026-49399
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions...
CVE-2026-11616
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $_POST['type'] and $_POST['postid'] values...
WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Events Calendar for GeoDirectory versions <= 2.3.25...
CVE-2026-24549
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a through = 2.8.149...
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
WordPress plugin GeoDirectory – WP Business Directory Plugin and Classified Listings Directory security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2023-0278
The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
PT-2025-6192 · WordPress · Geodirectory – Wp Business Directory Plugin
Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions up to, and including, 2.8.97 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitizati...
CVE-2024-43981
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.3.70...
CVE-2024-50437
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AyeCode GeoDirectory allows Stored XSS. This issue affects GeoDirectory: from n/a through 2.3.80...
PT-2024-34212 · Ayecode · Ayecode Geodirectory
Name of the Vulnerable Software and Affected Versions: AyeCode GeoDirectory versions 2.3.80 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: Fo...
CVE-2024-3732
The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...
PT-2024-27475 · WordPress · Geodirectory
Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WordPress Business Directory Plugin versions up to, and including, 2.3.48 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode due to insufficient input sanitization a...
CVE-2022-4775
The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
yourplasticsurgeryguide.com XSS vulnerability
Open Bug Bounty ID: OBB-656641

Description | Value
---|---
Affected Website: | yourplasticsurgeryguide.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...