Vulnerabilities > Designinvento > Directorypress

DATE CVE VULNERABILITY TITLE RISK
2025-02-15 CVE-2024-10581 Cross-Site Request Forgery (CSRF) vulnerability in Designinvento Directorypress
The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9.
network
low complexity
designinvento CWE-352
4.3
4.3
2025-01-07 CVE-2024-49633 Cross-site Scripting vulnerability in Designinvento Directorypress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19.
network
low complexity
designinvento CWE-79
6.1
6.1
2024-12-24 CVE-2024-10584 Unrestricted Upload of File with Dangerous Type vulnerability in Designinvento Directorypress
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping.
network
low complexity
designinvento CWE-434
5.4
5.4
2024-12-13 CVE-2023-37967 Missing Authorization vulnerability in Designinvento Directorypress 2.8.0/3.6.0
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
network
low complexity
designinvento CWE-862
critical
 9.8
9.8
2024-07-22 CVE-2024-38755 Unspecified vulnerability in Designinvento Directorypress
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.
network
low complexity
designinvento
8.8
8.8
2024-04-18 CVE-2024-32567 Unspecified vulnerability in Designinvento Directorypress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7.
network
low complexity
designinvento
6.1
6.1