Description
The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9de5cc51-f64c-4475-a0f4-d932dc4364a6
Exploit, Third Party Advisory x_refsource_misc
https://github.com/BigTiger2020/word-press/blob/main/WrodPress%20Plugin%20GeoDirectory%E2%80%94%E2%80%94Stored%20Cross-Site%20Scripting%20.md
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2596452/geodirectory
Scores
CVSS v3
5.4
EPSS
0.0051
EPSS Percentile
66.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
ayecode/geodirectory
< 2.1.1.3
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026