Salephpscripts: >> Web Directory Free >> 1.7.0 Security Vulnerabilities
The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.
CVSS Score
9.1
EPSS Score
0.826
Published
2024-08-30
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.8
EPSS Score
0.001
Published
2024-07-30