Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in GeoDirectory – WordPress Business Directory Plugin, or Classified Directory 2.3.29

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 21, 2023

The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress, is vulnerable to a type of attack called SQL Injection in all versions up to 2.3.29. This vulnerability exists because the plugin does not properly escape a user-provided parameter and also does not properly prepare an existing SQL query. If an attacker with administrator access is able to exploit this vulnerability they may be able to gain access to sensitive information stored in the plugin’s database.

Detected in:

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory fixed vulnerable versions:
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.