DirectoryPress – Business Directory And Classified Ad Listing

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   DirectoryPress – Business Directory And Classified Ad Listing

Information

Software Type Plugin
Software Slug directorypress (view on wordpress.org)
Software Status Active
Software Author designinvento
Software Website designinvento.net
Software Downloads 29,428
Software Active Installs 800
Software Record Last Updated June 17, 2026

11 Vulnerabilities

Submit a Vulnerability
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'
7.5
CVE-2026-3489
Apr 15, 2026
Researcher: Leonid Semenenko (lsemenenko)
DirectoryPress <= 3.6.26 - Unauthenticated Information Exposure
5.3
CVE-2026-39566
Mar 23, 2026
Researcher: Bao - BlueRock
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Missing Authorization
4.3
CVE-2026-27387
Dec 18, 2025
Researcher: daroo
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.25 - Missing Authorization
5.3
CVE-2026-23548
Dec 18, 2025
Researcher: daroo
DirectoryPress <= 3.6.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-62967
Oct 18, 2025
Researcher: Muhammad Yudha - DJ
DirectoryPress <= 3.6.22 - Cross-Site Request Forgery
4.3
CVE-2025-32249
Apr 4, 2025
Researcher: thiennv
DirectoryPress <= 3.6.19 - Cross-Site Request Forgery to Cross-Site Scripting
4.3
CVE-2024-49633
Jan 6, 2025
Researcher: Dimas Maulana
DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting
5.4
CVE-2024-10584
Dec 23, 2024
Researcher: Tieu Pham Trong Nhan
DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection
9.9
CVE-2024-38755
Jul 11, 2024
Researcher: Peng Zhou
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.7 - Reflected Cross-Site Scripting
7.2
CVE-2024-32567
Apr 16, 2024
Researcher: beluga
DirectoryPress <= 3.6.2 - Missing Authorization
7.3
CVE-2023-37967
Jul 12, 2023
Researcher: Abdi Pranata
Title Status CVE ID CVSS Researchers Date
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages' Patched CVE-2026-3489 7.5 Leonid Semenenko (lsemenenko) April 15, 2026
DirectoryPress <= 3.6.26 - Unauthenticated Information Exposure Patched CVE-2026-39566 5.3 Bao - BlueRock March 23, 2026
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Missing Authorization Patched CVE-2026-27387 4.3 daroo December 18, 2025
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.25 - Missing Authorization Patched CVE-2026-23548 5.3 daroo December 18, 2025
DirectoryPress <= 3.6.25 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2025-62967 6.4 Muhammad Yudha - DJ October 18, 2025
DirectoryPress <= 3.6.22 - Cross-Site Request Forgery Patched CVE-2025-32249 4.3 thiennv April 4, 2025
DirectoryPress <= 3.6.19 - Cross-Site Request Forgery to Cross-Site Scripting Patched CVE-2024-49633 4.3 Dimas Maulana January 6, 2025
DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting Patched CVE-2024-10584 5.4 Tieu Pham Trong Nhan December 23, 2024
DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection Patched CVE-2024-38755 9.9 Peng Zhou July 11, 2024
DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.7 - Reflected Cross-Site Scripting Patched CVE-2024-32567 7.2 beluga April 16, 2024
DirectoryPress <= 3.6.2 - Missing Authorization Patched CVE-2023-37967 7.3 Abdi Pranata July 12, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation