9 matches found
CVE-2023-50845
CVE-2023-50845 concerns the GeoDirectory WordPress plugins (GeoDirectory – WordPress Business Directory Plugin; Classified Directory) from AyeCode. Connected Red Hat entry confirms the issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting GeoDi...
CVE-2022-4775
The GeoDirectory WordPress plugin prior to version 2.2.22 is affected by a Stored XSS vulnerability caused by not validating/escaping certain shortcode attributes before output. This could allow a user with as little as Contributor privileges to inject payloads that impact higher-privilege users ...
CVE-2024-3732
CVE-2024-3732 : The GeoDirectory – WP Business Directory Plugin and Classified Directory for WordPress is vulnerable to a Stored XSS in the gd_single_tabs shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are all up to 2.3.48. Expl...
CVE-2021-24720
The CVE-2021-24720 entry concerns the WordPress GeoDirectory Business Directory plugin, affected versions prior to 2.1.1.3. The connected sources consistently identify an Authenticated Stored Cross-Site Scripting (XSS) flaw in the plugin’s admin settings, allowing an authenticated attacker (admin...
CVE-2024-43145
CVE-2024-43145 is a SQL Injection in the WordPress plugin GeoDirectory by AyeCode Ltd. It affects GeoDirectory versions up to 2.3.61 (authenticated, Subscriber+ context in disclosures). The root cause is improper neutralization of special elements in SQL queries, allowing an attacker with subscri...
CVE-2024-43981
CVE-2024-43981 is a Missing Authorization vulnerability in the GeoDirectory WordPress plugin (GeoDirectory – WP Business Directory Plugin and Classified Listings Directory). Affected range: GeoDirectory versions up to 2.3.70. The Red Hat and ENISA entries similarly describe the issue. The known r...
CVE-2024-50437
CVE-2024-50437 is a stored XSS vulnerability in the WordPress GeoDirectory plugin (versions
CVE-2024-56259
CVE-2024-56259 affects GeoDirectory (WP Business Directory Plugin) for WordPress. The issue is an improper input neutralization during web page generation, leading to a stored cross-site scripting vulnerability. Affected range is GeoDirectory
CVE-2025-6200
CVE-2025-6200 affects the GeoDirectory WordPress plugin (versions prior to 2.8.120). The issue arises from insufficient validation/escaping of shortcode attributes, allowing users with contributor role or higher to perform a Stored Cross-Site Scripting (XSS) attack on pages/posts where the shortc...