cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3732,https://securityvulnerability.io/vulnerability/CVE-2024-3732,Stored Cross-Site Scripting Vulnerability in GeoDirectory Plugin,"The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Geodirectory – WordPress Business Directory Plugin, Or Classified Directory",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-23T09:32:54.806Z,0
CVE-2023-50845,https://securityvulnerability.io/vulnerability/CVE-2023-50845,WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection,"A significant security flaw has been identified in the GeoDirectory – WordPress Business Directory Plugin developed by AyeCode. This vulnerability arises from improper neutralization of special elements that are used within SQL commands, leading to potential SQL Injection attacks. Attackers may exploit this flaw to gain unauthorized access to sensitive data or to manipulate database queries. The issue impacts versions ranging from not available (n/a) up to 2.3.28, necessitating immediate attention from website administrators to mitigate risks and secure their platforms.",Wordpress,"GeoDirectory – WordPress Business Directory Plugin, or Classified Directory",7.6,HIGH,0.0008900000248104334,false,,false,false,false,,false,false,2023-12-28T19:15:00.000Z,0
CVE-2021-24720,https://securityvulnerability.io/vulnerability/CVE-2021-24720,GeoDirectory < 2.1.1.3 - Authenticated Stored Cross-Site Scripting (XSS),The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).,Wordpress,Business Directory Plugin | Geodirectory,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2021-10-11T10:45:50.000Z,0