Vulnerabilities and security researches fordirectorypress directorypress

Jun 07, 2024

CVE, Research URL: 1a3ba1e97c4c47e90cd5db48ca23753082a24463
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Jul 12, 2023
Research Description: DirectoryPress – Business Directory And Classified Ad Listing [directorypress] < 3.6.3 (closed) WordPress DirectoryPress Plugin <= 3.6.2 is vulnerable to Broken Access Control Update the WordPress DirectoryPress plugin to the latest available version (at least 3.6.3). Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress DirectoryPress Plugin. This vulnerability has been fixed in version 3.6.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32567
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Apr 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-37967
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
Affected versions: Min -, max -.
Status: vulnerable

Jul 15, 2024

CVE, Research URL: CVE-2024-38755
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Jul 22, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.
Affected versions: Min -, max -.
Status: vulnerable

Dec 25, 2024

CVE, Research URL: CVE-2024-10584
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Dec 24, 2024
Research Description: The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users.
Affected versions: Min -, max -.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2024-49633
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Jan 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32249
Home page URL: Security reports for DirectoryPress – Business Directory And Classified Ad Listing
Application: DirectoryPress – Business Directory And Classified Ad Listing
Date: Apr 04, 2025
Research Description: DirectoryPress – Business Directory And Classified Ad Listing [directorypress] <= 3.6.19 (unfixed) CVE-2025-32249 [en] Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19.
Affected versions: Min -, max -.
Status: vulnerable