Salephpscripts: >> Web Directory Free >> 1.6.9 Security Vulnerabilities
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
CVSS Score
9.1
EPSS Score
0.826
Published
2024-08-30
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.8
EPSS Score
0.001
Published
2024-07-30
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
CVSS Score
9.8
EPSS Score
0.932
Published
2024-06-13