cleantalk
Vulnerabilities and Security Researches

Business Directory Plugin – Easy Listing Directories for WordPress, CVE-2024-13887

CVE, Research URL

CVE-2024-13887

Home page URL

Security reports for Business Directory Plugin – Easy Listing Directories for WordPress

Application

Business Directory Plugin – Easy Listing Directories for WordPress

Published on
Mar 13, 2025
Research Description
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings.
Affected versions
Min -, max 6.4.15.
Status
vulnerable
Previous vulnerability researches
Multiple Shipping And Billing Address For Woocommerce (CVE-2025-26875) , Mar 12, 2025
Multiple Shipping And Billing Address For Woocommerce (CVE-2024-56290) , Jan 08, 2025
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
WP Recipe Maker (CVE-2025-1503) , Mar 14, 2025