181 matches found
EUVD-2026-41290
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
CVE-2026-57681
The CVE describes a Server Side Request Forgery (SSRF) vulnerability in the WordPress GeoDirectory plugin for WordPress, specifically version
CVE-2026-57681
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
CVE-2026-57681 WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by dodoh4t in WordPress Plugin GeoDirectory versions = 2.8.161...
CVE-2026-54831
Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...
CVE-2026-54831 WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...
EUVD-2026-39675
Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...
CVE-2026-54831
CVE-2026-54831 affects WordPress GeoDirectory plugin versions 2.8.162 and earlier. It describes an unauthenticated SQL injection vulnerability in GeoDirectory, with CVSS 3.1 indicating network access, no user interaction, high confidentiality impact, and critical overall severity. The provided do...
WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability
SQL Injection vulnerability discovered by manop55555 in WordPress Plugin GeoDirectory versions = 2.8.162...
EUVD-2026-36961
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
EUVD-2026-36951
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39532
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
CVE-2026-39512
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39532 WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
CVE-2026-39532
The CVE-2026-39532 affects WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a PHP Object Injection vulnerability in Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...
CVE-2026-39512 WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39512
WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...
CVE-2026-11616
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
WordPress Events Calendar for GeoDirectory plugin <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Mitchell in WordPress Plugin Events Calendar for GeoDirectory versions = 2.3.28...