6 matches found
EUVD-2026-36951
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions...
CVE-2026-24549
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a through <= 2.8.149...
EUVD-2024-53057
Malicious code in bioql PyPI...
CVE-2025-6200 GeoDirectory < 2.8.120 - Contributor+ Stored XSS
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-6200
CVE-2025-6200 affects the GeoDirectory WordPress plugin (versions prior to 2.8.120). The issue arises from insufficient validation/escaping of shortcode attributes, allowing users with contributor role or higher to perform a Stored Cross-Site Scripting (XSS) attack on pages/posts where the shortc...
CVE-2024-43145
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory. This issue affects GeoDirectory: from n/a through 2.3.61...