Vulnerabilities > Designinvento > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-15 | CVE-2024-10581 | Cross-Site Request Forgery (CSRF) vulnerability in Designinvento Directorypress The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. | 4.3 |
| 2025-01-07 | CVE-2024-49633 | Cross-site Scripting vulnerability in Designinvento Directorypress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | 6.1 |
| 2024-12-24 | CVE-2024-10584 | Unrestricted Upload of File with Dangerous Type vulnerability in Designinvento Directorypress The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. | 5.4 |