Salephpscripts

Web Directory Free

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2024-47379

  • EPSS 0.28%
  • Veröffentlicht 05.10.2024 15:15:13
  • Zuletzt bearbeitet 07.10.2024 17:47:48

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sale php scripts Web Directory Free allows Reflected XSS.This issue affects Web Directory Free: from n/a through 1.7.3.

9.1

CVE-2024-3673

Exploit
  • EPSS 92.04%
  • Veröffentlicht 30.08.2024 06:15:05
  • Zuletzt bearbeitet 16.05.2025 20:23:52

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.

6.8

CVE-2024-3669

Exploit
  • EPSS 0.36%
  • Veröffentlicht 30.07.2024 06:15:02
  • Zuletzt bearbeitet 28.05.2025 00:54:09

The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

9.8

CVE-2024-3552

Exploit
  • EPSS 93.35%
  • Veröffentlicht 13.06.2024 06:15:11
  • Zuletzt bearbeitet 25.03.2025 14:15:25

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, T...

8.8

CVE-2023-2201

  • EPSS 0.22%
  • Veröffentlicht 02.06.2023 04:15:49
  • Zuletzt bearbeitet 21.11.2024 07:58:08

The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...