cleantalk
Vulnerabilities and Security Researches

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory, CVE-2024-3732

CVE, Research URL

CVE-2024-3732

Home page URL

Security reports for GeoDirectory – WordPress Business Directory Plugin, or Classified Directory

Application

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory

Published on
Apr 23, 2024
Research Description
The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.3.49.
Status
vulnerable
Previous vulnerability researches
Events Calendar for GeoDirectory (CVE-2025-26967) , Mar 05, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-56259) , Jan 03, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-3732) , Jun 06, 2024
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2023-0278) , Jun 06, 2024
New vulnerability
StreamWeasels Kick Integration (CVE-2025-7810) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025