Web Directory Free < 1.7.3 - Local File Inclusion

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues. id: CVE-2024-3673 info: name: Web Directory Free 1.7.3 - Local File Inclusion author: s4e-io severity: critical description: | The Web...

Web Directory Free < 1.7.0 - SQL Injection

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. id: CVE-2024-3552 info: name: Web Directory Free 1.7.0 - SQL...

Exploit for SQL Injection in Salephpscripts Web_Directory_Free

SECTF2026 — "You Play the CTF. We Play Defense" Event: XP...

CVE-2025-69018

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

EUVD-2025-205726

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

CVE-2025-69018

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

CVE-2025-69018 WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

CVE-2025-69018

CVE-2025-69018 affects Web Directory Free (WordPress) up to version 1.7.12. The Wordfence entry shows an authenticated (Contributor+) stored XSS vulnerability enabling DOM-based XSS during web page generation due to improper input neutralization. Patch status: Patched (fixed in a newer release).

CVE-2025-69018 WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through = 1.7.12...

WordPress plugin Web Directory Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-53899

Name of the Vulnerable Software and Affected Versions Shamalli Web Directory Free versions through 1.7.12 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the injection of...

WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web Directory Free versions = 1.7.12...

EUVD-2025-14793

Malicious code in bioql PyPI...

EUVD-2025-11750

Malicious code in bioql PyPI...

EUVD-2024-42415

Malicious code in bioql PyPI...

CVE-2025-39567

CVE-2025-39567 targets Shamalli Web Directory Free (WordPress plugin)

WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by astra.r3verii in WordPress Plugin Web Directory Free versions = 1.7.8...

WordPress plugin Web Directory Free 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-30908

Cross-Site Request Forgery CSRF vulnerability in Shamalli Web Directory Free web-directory-free allows Stored XSS.This issue affects Web Directory Free: from n/a through = 1.7.6...

CVE-2025-30908

Cross-Site Request Forgery CSRF vulnerability in Shamalli Web Directory Free web-directory-free allows Stored XSS.This issue affects Web Directory Free: from n/a through = 1.7.6...