Designinvento

Directorypress

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-3489

  • EPSS 0.02%
  • Veröffentlicht 16.04.2026 11:21:21
  • Zuletzt bearbeitet 16.04.2026 12:16:08

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter an...

4

CVE-2026-39566

  • EPSS 0.02%
  • Veröffentlicht 08.04.2026 08:30:19
  • Zuletzt bearbeitet 14.04.2026 18:17:38

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through <= 3.6.26.

5.4

CVE-2026-27387

  • EPSS 0.05%
  • Veröffentlicht 19.02.2026 20:35:42
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.

5.3

CVE-2026-23548

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 08:26:49
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.25.

6.5

CVE-2025-62967

  • EPSS 0.03%
  • Veröffentlicht 27.10.2025 01:34:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through <= 3.6.25.

5.4

CVE-2025-32249

  • EPSS 0.05%
  • Veröffentlicht 04.04.2025 16:15:34
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Cross-Site Request Forgery (CSRF) vulnerability in Designinvento DirectoryPress directorypress allows Cross Site Request Forgery.This issue affects DirectoryPress: from n/a through <= 3.6.22.

4.3

CVE-2024-10581

  • EPSS 0.08%
  • Veröffentlicht 15.02.2025 12:15:28
  • Zuletzt bearbeitet 24.02.2025 12:31:54

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it p...

6.1

CVE-2024-49633

  • EPSS 0.17%
  • Veröffentlicht 07.01.2025 11:15:07
  • Zuletzt bearbeitet 01.04.2026 16:18:48

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS.This issue affects DirectoryPress: from n/a through <= 3.6.19.

5.4

CVE-2024-10584

  • EPSS 0.2%
  • Veröffentlicht 24.12.2024 11:15:05
  • Zuletzt bearbeitet 28.02.2025 23:09:22

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output es...

9.8

CVE-2023-37967

  • EPSS 0.25%
  • Veröffentlicht 13.12.2024 15:15:18
  • Zuletzt bearbeitet 27.02.2025 02:45:31

Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.