Lucene search

K
AyecodeGeodirectory

10 matches found

CVE
CVE
added 2023/12/28 7:15 p.m.65 views

CVE-2023-50845

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin, or Classified Directory.This issue affects GeoDirectory – WordPress Business Directory Plugin, or ...

7.6CVSS7.7AI score0.00291EPSS
CVE
CVE
added 2024/04/23 10:15 a.m.53 views

CVE-2024-3732

The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...

6.4CVSS5.8AI score0.0008EPSS
CVE
CVE
added 2023/01/23 3:15 p.m.50 views

CVE-2022-4775

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege ...

5.4CVSS5.3AI score0.00103EPSS
CVE
CVE
added 2023/02/27 4:15 p.m.43 views

CVE-2023-0278

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2CVSS7.1AI score0.00218EPSS
CVE
CVE
added 2024/08/18 10:15 p.m.41 views

CVE-2024-43145

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory.This issue affects GeoDirectory: from n/a through 2.3.61.

8.8CVSS8.9AI score0.00555EPSS
CVE
CVE
added 2024/10/28 7:15 p.m.41 views

CVE-2024-50437

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AyeCode GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.80.

6.5CVSS6.7AI score0.00045EPSS
CVE
CVE
added 2024/11/01 3:15 p.m.39 views

CVE-2024-43981

Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70.

8.8CVSS5.7AI score0.00137EPSS
CVE
CVE
added 2025/01/02 12:15 p.m.39 views

CVE-2024-56259

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.84.

6.5CVSS6.5AI score0.00028EPSS
CVE
CVE
added 2021/10/11 11:15 a.m.36 views

CVE-2021-24720

The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).

5.4CVSS5.2AI score0.00293EPSS
CVE
CVE
added 2025/07/11 6:15 a.m.8 views

CVE-2025-6200

The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.9CVSS5.7AI score0.00031EPSS