5 matches found
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
EUVD-2025-119997
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2025-12833
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
GHSA-WG24-9XM9-593V phpBB Cross-Site Request Forgery (CSRF)
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...
CVE-2019-16107
phpBB 3.2.7 is vulnerable to Cross-Site Request Forgery (CSRF) due to missing form token validation when deleting post attachments. This CVE-2019-16107 is corroborated by Red Hat, OSV, GHSA, CNVD/NVD, and CVE listings. The available sources describe the issue and affected behavior but do not prov...