Vulnerabilities > CVE-2024-32567 - Unspecified vulnerability in Designinvento Directorypress

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

designinvento

NVD

Published: 2024-04-18

Updated: 2025-03-05

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7.

Vulnerable Configurations

Part	Description	Count
Application	Designinvento Designinvento Directorypress - Designinvento Directorypress 2.8.0 Designinvento Directorypress 3.6.0 Designinvento Directorypress 3.6.4 Designinvento Directorypress 3.6.6 Designinvento Directorypress 3.6.7	6

References

https://patchstack.com/database/vulnerability/directorypress/wordpress-directorypress-plugin-3-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/directorypress/wordpress-directorypress-plugin-3-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve