🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > GeoDirectory – WordPress Business Directory Plugin, or Classified Directory

Information

Software Type	Plugin
Software Slug	geodirectory (view on wordpress.org)
Software Status	Active
Software Author	paoltaia
Software Website	wpgeodirectory.com
Software Downloads	1,439,950
Software Active Installs	10,000
Software Record Last Updated	May 17, 2024

7 Vulnerabilities

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode

6.4

CVE-2024-3732

Apr 22, 2024

Researcher: Krzysztof Zając

GeoDirectory <= 2.3.28 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-50845

Dec 21, 2023

Researcher: Muhammad Daffa

GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby

7.2

CVE ID Unknown

Oct 18, 2023

Researchers:

GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-0278

Jan 31, 2023

Researchers: Daniel Krohmer, Kunal Sharma

GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4775

Dec 29, 2022

Researcher: István Márton

GeoDirectory <= 2.2.19 - CSV Injection

4.1

CVE ID Unknown

Dec 20, 2022

Researchers:

GeoDirectory <= 2.1.1.2 - Authenticated (admin+) Stored Cross-Site Scripting

6.4

CVE-2021-24720

Sep 2, 2021

Researcher: Thinkland Security Team

Title	Status	CVE ID	CVSS	Researchers	Date
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode	Patched	CVE-2024-3732	6.4	Krzysztof Zając	April 22, 2024
GeoDirectory <= 2.3.28 - Authenticated(Administrator+) SQL Injection	Patched	CVE-2023-50845	6.6	Muhammad Daffa	December 21, 2023
GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby	Patched		7.2		October 18, 2023
GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection	Patched	CVE-2023-0278	7.2	Daniel Krohmer, Kunal Sharma	January 31, 2023
GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	Patched	CVE-2022-4775	6.4	István Márton	December 29, 2022
GeoDirectory <= 2.2.19 - CSV Injection	Patched		4.1		December 20, 2022
GeoDirectory <= 2.1.1.2 - Authenticated (admin+) Stored Cross-Site Scripting	Patched	CVE-2021-24720	6.4	Thinkland Security Team	September 2, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation