cbcvebase.

Cmsjunkie Wordpress Business Directory Plugins Wp-Businessdirectory vulnerabilities

5 known vulnerabilities affecting cmsjunkie_wordpress_business_directory_plugins/wp-businessdirectory.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3

Vulnerabilities

Page 1 of 1
CVE-2026-39591P2CRITICALCVSS 9.9≥ n/a, ≤ 4.0.02026-06-15
CVE-2026-39591 [CRITICAL] CWE-434 CVE-2026-39591: Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
nvd
CVE-2025-24759P2CRITICALCVSS 9.3≤ 3.1.42025-07-16
CVE-2025-24759 [CRITICAL] CWE-89 CVE-2025-24759: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Blind SQL Injection.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.4.
nvd
CVE-2025-32629P3HIGHCVSS 8.6≤ 3.1.22025-04-11
CVE-2025-32629 [HIGH] CWE-22 CVE-2025-32629: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Path Traversal.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.2.
nvd
CVE-2025-68887P4HIGHCVSS 7.1≤ 4.0.12026-01-08
CVE-2025-68887 [HIGH] CWE-79 CVE-2025-68887: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 4.0.1.
nvd
CVE-2025-32630P4HIGHCVSS 7.1≤ 3.1.22025-04-17
CVE-2025-32630 [HIGH] CWE-79 CVE-2025-32630: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.2.
nvd
Cmsjunkie Wordpress Business Directory Plugins Wp-Businessdirectory vulnerabilities | cvebase