Designinvento » Directorypress (Seite 1)

5.4

CVE-2026-27387

EPSS 0.04%
Veröffentlicht 19.02.2026 20:35:42
Zuletzt bearbeitet 20.02.2026 18:25:53

Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.

5.3

CVE-2026-23548

EPSS 0.04%
Veröffentlicht 19.02.2026 08:26:49
Zuletzt bearbeitet 26.02.2026 20:31:34

Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.25.

6.5

CVE-2025-62967

EPSS 0.06%
Veröffentlicht 27.10.2025 01:34:14
Zuletzt bearbeitet 20.01.2026 15:18:11

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through <= 3.6.25.

5.4

CVE-2025-32249

EPSS 0.08%
Veröffentlicht 04.04.2025 16:15:34
Zuletzt bearbeitet 07.04.2025 14:18:15

Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19.

4.3

CVE-2024-10581

EPSS 0.04%
Veröffentlicht 15.02.2025 12:15:28
Zuletzt bearbeitet 24.02.2025 12:31:54

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it p...

6.1

CVE-2024-49633

EPSS 0.12%
Veröffentlicht 07.01.2025 11:15:07
Zuletzt bearbeitet 25.02.2025 22:52:05

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19.

5.4

CVE-2024-10584

EPSS 0.21%
Veröffentlicht 24.12.2024 11:15:05
Zuletzt bearbeitet 28.02.2025 23:09:22

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output es...

9.8

CVE-2023-37967

EPSS 0.25%
Veröffentlicht 13.12.2024 15:15:18
Zuletzt bearbeitet 27.02.2025 02:45:31

Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.

8.8

CVE-2024-38755

EPSS 5.6%
Veröffentlicht 22.07.2024 11:15:04
Zuletzt bearbeitet 21.11.2024 09:26:45

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.

6.1

CVE-2024-32567

EPSS 0.23%
Veröffentlicht 18.04.2024 10:15:10
Zuletzt bearbeitet 05.03.2025 15:11:27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7.

Team-orientierte Vulnerability Management Plattform

Features der Plattform

Designinvento ≫ Directorypress