VYPR
Vendor

Brotherscripts

Products
4
CVEs
13
Across products
13
Status
Private

Products

4

Recent CVEs

13
  • CVE-2024-4443CriMay 22, 2024
    risk 0.64cvss 9.8epss 0.10

    The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter…

  • CVE-2019-25533HigMar 12, 2026
    risk 0.53cvss 8.2epss 0.00

    Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted…

  • CVE-2025-10178MedSep 26, 2025
    risk 0.42cvss 6.4epss 0.00

    The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2023-5527HigJun 18, 2024
    risk 0.41cvss 7.4epss 0.00

    The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files…

  • CVE-2025-64630MedDec 16, 2025
    risk 0.32cvss 4.9epss 0.00

    Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.

  • CVE-2025-67596MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.

  • CVE-2025-64219MedOct 29, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.

  • CVE-2023-5803MedNov 30, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a…

  • CVE-2010-4974Nov 1, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2010-4969Nov 1, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2010-2906Jul 28, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905.

  • CVE-2010-2905Jul 28, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2010-2670Jul 8, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter.