cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3732,https://securityvulnerability.io/vulnerability/CVE-2024-3732,Stored Cross-Site Scripting Vulnerability in GeoDirectory Plugin,"The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Geodirectory – WordPress Business Directory Plugin, Or Classified Directory",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-23T09:32:54.806Z,0
CVE-2023-50845,https://securityvulnerability.io/vulnerability/CVE-2023-50845,WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection,"A significant security flaw has been identified in the GeoDirectory – WordPress Business Directory Plugin developed by AyeCode. This vulnerability arises from improper neutralization of special elements that are used within SQL commands, leading to potential SQL Injection attacks. Attackers may exploit this flaw to gain unauthorized access to sensitive data or to manipulate database queries. The issue impacts versions ranging from not available (n/a) up to 2.3.28, necessitating immediate attention from website administrators to mitigate risks and secure their platforms.",Wordpress,"GeoDirectory – WordPress Business Directory Plugin, or Classified Directory",7.6,HIGH,0.0008900000248104334,false,,false,false,false,,false,false,2023-12-28T19:15:00.000Z,0
CVE-2023-0278,https://securityvulnerability.io/vulnerability/CVE-2023-0278,GeoDirectory < 2.2.24 - Admin+ SQLi,"The GeoDirectory plugin for WordPress, prior to version 2.2.24, is susceptible to a SQL injection due to inadequate sanitization and escaping of parameters before being utilized in SQL statements. This flaw can be exploited by users with high privileges, such as administrators, potentially allowing unauthorized access or alteration of sensitive data.",Wordpress,GeoDirectory,7.2,HIGH,0.0010400000028312206,false,,false,false,false,,false,false,2023-02-27T16:15:00.000Z,0
CVE-2022-4775,https://securityvulnerability.io/vulnerability/CVE-2022-4775,GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode,"The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Geodirectory,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-23T14:32:01.696Z,0
CVE-2021-24720,https://securityvulnerability.io/vulnerability/CVE-2021-24720,GeoDirectory < 2.1.1.3 - Authenticated Stored Cross-Site Scripting (XSS),The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).,Wordpress,Business Directory Plugin | Geodirectory,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2021-10-11T10:45:50.000Z,0