VYPR

Wp Business Directory

by Wp Business Directory Project

Source repositories

CVEs (7)

  • CVE-2024-4443CriMay 22, 2024
    risk 0.64cvss 9.8epss 0.10

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter…

  • CVE-2026-2576HigFeb 18, 2026
    risk 0.42cvss 7.5epss 0.00

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2026-1656MedFeb 18, 2026
    risk 0.27cvss 5.3epss 0.00

    The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles,…

  • CVE-2024-13887MedMar 13, 2025
    risk 0.27cvss 5.3epss 0.00

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user…

  • CVE-2008-5972Jan 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2023-51516Jun 14, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.

  • CVE-2014-4599Jul 2, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or…