Ayecode: >> Geodirectory >> 2.3.63 Security Vulnerabilities
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-07-11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.84.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-01-02
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-11-01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.80.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28