cleantalk
Vulnerabilities and Security Researches

WP-BusinessDirectory – Business directory plugin for WordPress, CVE-2025-68887

CVE, Research URL

CVE-2025-68887

Home page URL

Security reports for WP-BusinessDirectory – Business directory plugin for WordPress

Application

WP-BusinessDirectory – Business directory plugin for WordPress

Published on
Jan 08, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.5.
Affected versions
max 3.1.5.
Status
vulnerable
Previous vulnerability researches
WP-BusinessDirectory &#8211; Business directory plugin for WordPress (CVE-2025-68887) , Jan 28, 2026
WP-BusinessDirectory &#8211; Business directory plugin for WordPress (CVE-2025-32629) , Apr 14, 2025
WP-BusinessDirectory &#8211; Business directory plugin for WordPress (CVE-2025-24759) , Jul 18, 2025
WP-BusinessDirectory &#8211; Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System &#8211; Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026