Wp Business Directory

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-4443	Brotherscripts Business Directory	Cri	0.64	9.8	0.10	May 22, 2024	The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter…
CVE-2026-2576	WordPress Wp Business Directory	Hig	0.42	7.5	0.00	Feb 18, 2026	The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of…
CVE-2026-1656	WordPress Wp Business Directory	Med	0.27	5.3	0.00	Feb 18, 2026	The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles,…
CVE-2014-4599	WordPress Wp Business Directory		0.00	—	0.02	Jul 2, 2014	Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or…

CVE-2024-4443CriMay 22, 2024
Brotherscripts
Business Directory
risk 0.64cvss 9.8epss 0.10
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter…
CVE-2026-2576HigFeb 18, 2026
WordPress
Wp Business Directory
risk 0.42cvss 7.5epss 0.00
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of…
CVE-2026-1656MedFeb 18, 2026
WordPress
Wp Business Directory
risk 0.27cvss 5.3epss 0.00
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles,…
CVE-2014-4599Jul 2, 2014
WordPress
Wp Business Directory
risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or…