cbcvebase.

E-Plugins Directory Pro vulnerabilities

5 known vulnerabilities affecting e-plugins/directory_pro.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-36666P3HIGHCVSS 8.8fixed in 1.9.52023-03-27
CVE-2020-36666 [HIGH] CWE-269 CVE-2020-36666: The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plug The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugi
nvd
CVE-2026-27396P3HIGHCVSS 7.3≤ 2.5.62026-03-05
CVE-2026-27396 [HIGH] CWE-862 CVE-2026-27396: Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incor Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
nvd
CVE-2025-52748P4HIGHCVSS 7.1≤ 2.5.52025-10-22
CVE-2025-52748 [HIGH] CWE-79 CVE-2025-52748: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows Reflected XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.
nvd
CVE-2025-57948P4MEDIUMCVSS 6.5≤ 2.5.52025-09-22
CVE-2025-57948 [MEDIUM] CWE-79 CVE-2025-57948: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows DOM-Based XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.
nvd
CVE-2025-64243P4MEDIUMCVSS 4.3≤ 2.5.62025-12-16
CVE-2025-64243 [MEDIUM] CWE-862 CVE-2025-64243: Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incor Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
nvd
E-Plugins Directory Pro vulnerabilities | cvebase