Lucene search
K
AyecodeGeodirectory

9 matches found

CVE
CVE
added 2023/12/28 6:23 p.m.91 views

CVE-2023-50845

CVE-2023-50845 concerns the GeoDirectory WordPress plugins (GeoDirectory – WordPress Business Directory Plugin; Classified Directory) from AyeCode. Connected Red Hat entry confirms the issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting GeoDi...

7.6CVSS7.8AI score0.00545EPSS
CVE
CVE
added 2023/01/23 2:32 p.m.70 views

CVE-2022-4775

The GeoDirectory WordPress plugin prior to version 2.2.22 is affected by a Stored XSS vulnerability caused by not validating/escaping certain shortcode attributes before output. This could allow a user with as little as Contributor privileges to inject payloads that impact higher-privilege users ...

5.4CVSS5.3AI score0.00471EPSS
CVE
CVE
added 2024/04/23 9:32 a.m.68 views

CVE-2024-3732

CVE-2024-3732 : The GeoDirectory – WP Business Directory Plugin and Classified Directory for WordPress is vulnerable to a Stored XSS in the gd_single_tabs shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are all up to 2.3.48. Expl...

6.4CVSS5.8AI score0.0032EPSS
CVE
CVE
added 2021/10/11 10:45 a.m.65 views

CVE-2021-24720

The CVE-2021-24720 entry concerns the WordPress GeoDirectory Business Directory plugin, affected versions prior to 2.1.1.3. The connected sources consistently identify an Authenticated Stored Cross-Site Scripting (XSS) flaw in the plugin’s admin settings, allowing an authenticated attacker (admin...

5.4CVSS5.2AI score0.00854EPSS
Web
CVE
CVE
added 2024/08/18 9:42 p.m.61 views

CVE-2024-43145

CVE-2024-43145 is a SQL Injection in the WordPress plugin GeoDirectory by AyeCode Ltd. It affects GeoDirectory versions up to 2.3.61 (authenticated, Subscriber+ context in disclosures). The root cause is improper neutralization of special elements in SQL queries, allowing an attacker with subscri...

8.8CVSS8.9AI score0.00441EPSS
CVE
CVE
added 2024/11/01 2:17 p.m.56 views

CVE-2024-43981

CVE-2024-43981 is a Missing Authorization vulnerability in the GeoDirectory WordPress plugin (GeoDirectory – WP Business Directory Plugin and Classified Listings Directory). Affected range: GeoDirectory versions up to 2.3.70. The Red Hat and ENISA entries similarly describe the issue. The known r...

8.8CVSS5.7AI score0.00421EPSS
CVE
CVE
added 2024/10/28 6:11 p.m.55 views

CVE-2024-50437

CVE-2024-50437 is a stored XSS vulnerability in the WordPress GeoDirectory plugin (versions

6.5CVSS5.9AI score0.00241EPSS
CVE
CVE
added 2025/01/02 12:1 p.m.52 views

CVE-2024-56259

CVE-2024-56259 affects GeoDirectory (WP Business Directory Plugin) for WordPress. The issue is an improper input neutralization during web page generation, leading to a stored cross-site scripting vulnerability. Affected range is GeoDirectory

6.5CVSS7.2AI score0.00321EPSS
CVE
CVE
added 2025/07/11 6:0 a.m.30 views

CVE-2025-6200

CVE-2025-6200 affects the GeoDirectory WordPress plugin (versions prior to 2.8.120). The issue arises from insufficient validation/escaping of shortcode attributes, allowing users with contributor role or higher to perform a Stored Cross-Site Scripting (XSS) attack on pages/posts where the shortc...

5.9CVSS5.7AI score0.00209EPSS