Vulnerabilities > Designinvento > Directorypress > 2.8.0

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-49633 Cross-site Scripting vulnerability in Designinvento Directorypress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19.
network
low complexity
designinvento CWE-79
6.1
2024-12-24 CVE-2024-10584 Unrestricted Upload of File with Dangerous Type vulnerability in Designinvento Directorypress
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping.
network
low complexity
designinvento CWE-434
5.4
2024-12-13 CVE-2023-37967 Missing Authorization vulnerability in Designinvento Directorypress 2.8.0/3.6.0
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
network
low complexity
designinvento CWE-862
critical
9.8
2024-04-18 CVE-2024-32567 Unspecified vulnerability in Designinvento Directorypress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7.
network
low complexity
designinvento
6.1