cleantalk
Vulnerabilities and Security Researches

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory, CVE-2024-13507

CVE, Research URL

CVE-2024-13507

Home page URL

Security reports for GeoDirectory – WordPress Business Directory Plugin, or Classified Directory

Application

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory

Published on
Jul 26, 2025
Research Description
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 2.8.98.
Status
vulnerable
Previous vulnerability researches
Wonder Slider Lite (CVE-2025-7501) , Jul 26, 2025
Wonder Slider Lite (CVE-2024-24877) , Jun 07, 2024
New vulnerability
StreamWeasels Kick Integration (CVE-2025-7810) , Jul 30, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
Brizy – Page Builder (CVE-2025-4370) , Jul 29, 2025
Thumbnail carousel slider (CVE-2015-10144) , Jul 29, 2025
Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions (CVE-2025-8104) , Jul 29, 2025