Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-15
CVE-2026-2576 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Easy Listing Directories For Wordpress
CVE-2026-2576
Risk Score
Threat Entry
Updated 2025-03-13
CVE-2024-13887 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings.
PLUGIN
Easy Listing Directories For Wordpress
CVE-2024-13887
Risk Score
Threat Entry
Updated 2025-07-07
CVE-2024-4443 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Easy Listing Directories For Wordpress
CVE-2024-4443
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24179 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE.
PLUGIN
Easy Listing Directories For Wordpress
CVE-2021-24179
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24178 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues.
PLUGIN
Easy Listing Directories For Wordpress
CVE-2021-24178
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24248 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE
PLUGIN
Easy Listing Directories For Wordpress
CVE-2021-24248
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24249 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as email, home addresses etc
PLUGIN
Easy Listing Directories For Wordpress
CVE-2021-24249
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24250 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
PLUGIN
Easy Listing Directories For Wordpress
CVE-2021-24250
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24251 - Easy Listing Directories For Wordpress Plugin
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as change their status (from pending to completed to example)
PLUGIN
Easy Listing Directories For Wordpress
CVE-2021-24251
Risk Score