CVE-2024-47379
- EPSS 0.26%
- Veröffentlicht 05.10.2024 15:15:13
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3.
CVE-2024-3673
- EPSS 92.05%
- Veröffentlicht 30.08.2024 06:15:05
- Zuletzt bearbeitet 16.05.2025 20:23:52
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
CVE-2024-3669
- EPSS 0.65%
- Veröffentlicht 30.07.2024 06:15:02
- Zuletzt bearbeitet 28.05.2025 00:54:09
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-3552
- EPSS 93.35%
- Veröffentlicht 13.06.2024 06:15:11
- Zuletzt bearbeitet 25.03.2025 14:15:25
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, T...
CVE-2023-2201
- EPSS 0.25%
- Veröffentlicht 02.06.2023 04:15:49
- Zuletzt bearbeitet 08.04.2026 19:18:13
The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...