Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
directory pro vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2006-5905
Web Directory Pro allows remote malicious users to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
Web Directory Pro Web Directory Pro
5
CVSSv2
CVE-2001-0780
Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote malicious users to gain sensitive information via a .. (dot dot) in the SHOW parameter.
Cosmicperl Directory Pro 2.0
1 EDB exploit
3.5
CVSSv2
CVE-2021-24794
The Connections Business Directory WordPress plugin prior to 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.
Connections-pro Connections Business Directory
7.5
CVSSv2
CVE-2006-6804
SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Enthrallweb Dragon Business Directory Pro
1 EDB exploit
6
CVSSv2
CVE-2020-36503
The Connections Business Directory WordPress plugin prior to 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
Connections-pro Connections Business Directory
NA
CVE-2023-29437
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.
Connections-pro Connections Business Directory
NA
CVE-2020-36666
The directory-pro WordPress plugin prior to 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin prior to 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin prior to 1.0.9, real-estate-pro WordPress plugin prior to 1.7.1, insti...
E-plugins Wp Membership
E-plugins Fitness Trainer
E-plugins Hotel Directory
E-plugins Hospital \\& Doctor Directory
E-plugins Lawyer Directory
E-plugins Institutions Directory
E-plugins Real Estate Pro
E-plugins Final User
E-plugins Directory Pro
E-plugins Photographer-directory
E-plugins Producer-retailer -
NA
CVE-2023-37387
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.
Radiustheme Classified Listing Pro - Classified Ads \\& Business Directory
NA
CVE-2022-2655
The Classified Listing Pro WordPress plugin prior to 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Radiustheme Classified Listing Pro - Classified Ads \\& Business Directory
NA
CVE-2022-2654
The Classima WordPress theme prior to 2.1.11 and some of its required plugins (Classified Listing prior to 2.2.14, Classified Listing Pro prior to 2.0.20, Classified Listing Store & Membership prior to 1.4.20 and Classima Core prior to 1.10) do not escape a parameter before o...
Radiustheme Classima
Radiustheme Classima Core
Radiustheme Classified Listing Store \\& Membership
Radiustheme Classified Listing - Classified Ads \\& Business Directory
Radiustheme Classified Listing Pro - Classified Ads \\& Business Directory
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »