Vulnerabilities > Designinvento > Directorypress > 3.6.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-49633 | Cross-site Scripting vulnerability in Designinvento Directorypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | 6.1 |
| 2024-12-24 | CVE-2024-10584 | Unrestricted Upload of File with Dangerous Type vulnerability in Designinvento Directorypress The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-07-22 | CVE-2024-38755 | Unspecified vulnerability in Designinvento Directorypress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10. | 8.8 |
| 2024-04-18 | CVE-2024-32567 | Unspecified vulnerability in Designinvento Directorypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.7. | 6.1 |