Vulnerabilities > Designinvento > Directorypress > 2.8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-49633 | Cross-site Scripting vulnerability in Designinvento Directorypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | 6.1 |
| 2024-12-24 | CVE-2024-10584 | Unrestricted Upload of File with Dangerous Type vulnerability in Designinvento Directorypress The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-13 | CVE-2023-37967 | Missing Authorization vulnerability in Designinvento Directorypress 2.8.0/3.6.0 Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2. | 9.8 |
| 2024-04-18 | CVE-2024-32567 | Unspecified vulnerability in Designinvento Directorypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7. | 6.1 |