Vulnerabilities > Wpdirectorykit > WP Directory KIT > 1.2.3

DATE CVE VULNERABILITY TITLE RISK
2024-07-21 CVE-2024-37487 Cross-site Scripting vulnerability in Wpdirectorykit WP Directory KIT
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.3.5.
network
low complexity
wpdirectorykit CWE-79
6.1
6.1
2024-07-09 CVE-2024-37253 Cross-site Scripting vulnerability in Wpdirectorykit WP Directory KIT
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.
network
low complexity
wpdirectorykit CWE-79
2.7
2.7
2024-03-27 CVE-2024-29774 Unspecified vulnerability in Wpdirectorykit WP Directory KIT
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9.
network
low complexity
wpdirectorykit
6.1
6.1
2023-06-13 CVE-2023-2351 Unspecified vulnerability in Wpdirectorykit WP Directory KIT
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3.
network
low complexity
wpdirectorykit
4.3
4.3
2023-06-09 CVE-2023-2280 Unspecified vulnerability in Wpdirectorykit WP Directory KIT
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2.
network
low complexity
wpdirectorykit
5.3
5.3
2023-06-02 CVE-2023-2835 Cross-site Scripting vulnerability in Wpdirectorykit WP Directory KIT
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping.
network
low complexity
wpdirectorykit CWE-79
6.1
6.1