CVE-2026-27396 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Directory Pro versions = 2.5.6...

CVE-2025-52748

CVE-2025-52748 concerns the WordPress Directory Pro plugin (directory-pro) up to version 2.5.5. Affected component: directory-pro within Directory Pro. Root cause: improper handling/neutralization of user input during web page generation, enabling Reflected Cross-Site Scripting (XSS). Impact is d...

CVE-2025-57948

CVE-2025-57948 affects Directory Pro (WordPress plugin). It is described as an Authenticated Stored Cross-Site Scripting vulnerability in Directory Pro versions up to 2.5.5, caused by improper neutralization of input during web page generation. The connected materials indicate patch status is Unp...

WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Directory Pro versions = 2.5.5...

WordPress directory-pro Plugin < 1.9.5 is vulnerable to Privilege Escalation

Software directory-pro Type Plugin Vulnerable versions 1.9.5 Fixed in 1.9.5 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 27a5e48fd1cc Credits Omar Badran Required privilege...