VYPR

Web Directory Pro

by Web Directory Pro

CVEs (6)

  • CVE-2024-3673Aug 30, 2024
    risk 0.07cvss epss 0.06

    The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.

  • CVE-2024-3552Jun 13, 2024
    risk 0.07cvss epss 0.67

    The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

  • CVE-2008-4091Sep 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

  • CVE-2008-3787Aug 26, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

  • CVE-2024-3669Jul 30, 2024
    risk 0.00cvss epss 0.00

    The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2006-5905Nov 15, 2006
    risk 0.00cvss epss 0.01

    Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.