Filtered by vendor Designinvento
Subscriptions
Filtered by product Directorypress
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32567 | 1 Designinvento | 1 Directorypress | 2025-03-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7. | ||||
| CVE-2023-37967 | 1 Designinvento | 1 Directorypress | 2025-02-27 | 6.5 Medium |
| Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2. | ||||
| CVE-2024-49633 | 1 Designinvento | 1 Directorypress | 2025-02-25 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | ||||
| CVE-2024-10581 | 1 Designinvento | 1 Directorypress | 2025-02-24 | 4.3 Medium |
| The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-38755 | 1 Designinvento | 1 Directorypress | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10. | ||||
Page 1 of 1.