Directorypress Security Vulnerabilities and Issues — Directorypress CVE List

Lucene search

DesigninventoDirectorypress

3 matches found

CVE•added 2025/04/04 4:15 p.m.•40 views

CVE-2025-32249

Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19.

5.4CVSS5.5AI score0.0002EPSS

CVE•added 2025/01/07 11:15 a.m.•39 views

CVE-2024-49633

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19.

7.1CVSS7AI score0.00031EPSS

CVE•added 2025/02/15 12:15 p.m.•35 views

CVE-2024-10581

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update l...

4.3CVSS6.5AI score0.00014EPSS