Lucene search
K

181 matches found

EUVD
EUVD
added 2026/07/02 11:15 a.m.6 views

EUVD-2026-41290

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.12 views

CVE-2026-57681

The CVE describes a Server Side Request Forgery (SSRF) vulnerability in the WordPress GeoDirectory plugin for WordPress, specifically version

6.4CVSS5.8AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.9 views

CVE-2026-57681

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.34 views

CVE-2026-57681 WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...

6.4CVSS0.0023EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/30 2:32 p.m.4 views

WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by dodoh4t in WordPress Plugin GeoDirectory versions = 2.8.161...

6.4CVSS5.8AI score0.0023EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54831

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-54831 WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.9 views

EUVD-2026-39675

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.15 views

CVE-2026-54831

CVE-2026-54831 affects WordPress GeoDirectory plugin versions 2.8.162 and earlier. It describes an unauthenticated SQL injection vulnerability in GeoDirectory, with CVSS 3.1 indicating network access, no user interaction, high confidentiality impact, and critical overall severity. The provided do...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 2:22 p.m.7 views

WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

SQL Injection vulnerability discovered by manop55555 in WordPress Plugin GeoDirectory versions = 2.8.162...

9.3CVSS6AI score0.00283EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36961

Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...

8.8CVSS5.3AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36951

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39532

Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...

8.8CVSS0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39512

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-39532 WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...

8.8CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.21 views

CVE-2026-39532

The CVE-2026-39532 affects WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a PHP Object Injection vulnerability in Contributor PHP Object Injection in Events Calendar for GeoDirectory &lt;= 2.3.25. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...

8.8CVSS5.3AI score0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.28 views

CVE-2026-39512 WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.16 views

CVE-2026-39512

WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:16 a.m.14 views

CVE-2026-11616

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...

8.8CVSS0.00275EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/09 9:4 a.m.17 views

WordPress Events Calendar for GeoDirectory plugin <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Mitchell in WordPress Plugin Events Calendar for GeoDirectory versions = 2.3.28...

8.8CVSS5.4AI score0.00275EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder