| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-28767 | IBM Security Directory Integrator command execution | IBM | Security Directory Integrator | Medium | 6.8 | 2024-12-20 13:48:16 | Deep Dive |
| CVE-2024-54288 | WordPress LDD Directory Lite plugin <= 3.3 - Reflected Cross Site Scripting (XSS) vulnerability | LDD Web Design | LDD Directory Lite | High | 7.1 | 2024-12-13 14:25:05 | Deep Dive |
| CVE-2023-41875 | WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability | WPDirectoryKit | WP Directory Kit | Medium | 5.3 | 2024-12-13 14:24:24 | Deep Dive |
| CVE-2024-12417 | Simple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode Execution | quantumcloud | Simple Link Directory | Medium | 6.5 | 2024-12-13 08:24:51 | Deep Dive |
| CVE-2023-28532 | WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation | listingthemes | Real Estate Directory | Medium | 4.3 | 2024-12-09 11:31:17 | Deep Dive |
| CVE-2024-11854 | Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter | webilia | Listdom: AI-powered Business Directory with Classifieds Ads Listings | Medium | 6.4 | 2024-12-04 11:08:26 | Deep Dive |
| CVE-2024-11202 | Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode | creativemindssolutions | CM Header and Footer – Add custom scripts and styles to your header and footer with ease | Medium | 6.1 | 2024-11-26 07:31:32 | Deep Dive |
| CVE-2024-10528 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2024-11-21 05:33:49 | Deep Dive |
| CVE-2024-11194 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update | techlabpro1 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin | High | 8.8 | 2024-11-19 11:32:12 | Deep Dive |
| CVE-2024-42372 | Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) | SAP_SE | SAP NetWeaver AS Java (System Landscape Directory) | Medium | 6.5 | 2024-11-12 00:25:45 | Deep Dive |
| CVE-2024-51788 | WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability | Joshua Wolfe | The Novel Design Store Directory | Critical | 10.0 | 2024-11-11 05:59:26 | Deep Dive |
| CVE-2024-43981 | WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability | AyeCode – WP Business Directory Plugins | GeoDirectory | Medium | 4.3 | 2024-11-01 14:17:12 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47379 | WordPress Web Directory Free plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability | Shamalli | Web Directory Free | High | 7.1 | 2024-10-05 15:01:32 | Deep Dive |
| CVE-2024-8519 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 6.4 | 2024-10-04 02:32:23 | Deep Dive |
| CVE-2024-8520 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2024-10-04 02:32:22 | Deep Dive |
| CVE-2024-43938 | WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability | Jeroen Peters | Name Directory | Medium | 6.5 | 2024-09-17 22:43:57 | Deep Dive |
| CVE-2024-7888 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization | techlabpro1 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin | Medium | 6.3 | 2024-09-13 06:47:27 | Deep Dive |
| CVE-2024-8445 | 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199) | - | - | Medium | 5.7 | 2024-09-05 14:24:01 | Deep Dive |
| CVE-2024-3673 | Web Directory Free < 1.7.3 - Unauthenticated LFI | Unknown | Web Directory Free | 超危 | - | 2024-08-30 06:00:02 | Deep Dive |