PT-2026-20329 · WordPress · Business Directory Plugin – Easy Listing Directories

Sein Linn · Published 2026-02-18 · Updated 2026-02-23 · CVE-2026-2576

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 6.4.3

Description

The Business Directory Plugin – Easy Listing Directories for WordPress is susceptible to time-based SQL Injection. This is due to inadequate escaping of user-supplied input and insufficient preparation of existing SQL queries. The payment parameter is the entry point for this issue, potentially allowing unauthenticated attackers to inject additional SQL queries to extract sensitive information from the database.

Recommendations

Update to version 6.4.3 or later. As a temporary workaround, restrict access to the payment parameter.
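
One way to triage web-server logs for this issue while the update to 6.4.3 is pending, as an added example that is not part of the original advisory or the plugin's code: it flags requests carrying a payment query parameter whose value is not a plain token or whose response was slow, the latter being the observable side of time-based injection. The log layout (combined format with the request time appended), the token pattern and the 3-second threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "payment" values are short alphanumeric tokens.
TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")
SLOW_SECONDS = 3.0  # assumed latency threshold; tune to the site's baseline

# Assumed log layout: combined log format with the request time (seconds) appended.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>\d+(?:\.\d+)?)$'
)

def triage(lines):
    """Return (ip, reason, value) for suspicious requests carrying a payment parameter."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped, not treated as clean
        query = urlsplit(m["target"]).query
        # parse_qs URL-decodes values, so encoded quotes and spaces are seen as-is.
        for value in parse_qs(query, keep_blank_values=True).get("payment", []):
            reasons = []
            if not TOKEN.fullmatch(value):
                reasons.append("non-token value")
            if float(m["rt"]) >= SLOW_SECONDS:
                reasons.append("slow response")
            if reasons:
                findings.append((m["ip"], "+".join(reasons), value))
    return findings

# Constructed sample lines (documentation IP ranges, made-up paths and values).
SAMPLE = [
    '192.0.2.10 - - [18/Feb/2026:10:00:01 +0000] "GET /checkout/?payment=a1b2c3 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.120',
    '198.51.100.7 - - [18/Feb/2026:10:00:05 +0000] "GET /checkout/?payment=1%27%20constructed HTTP/1.1" 200 512 "-" "curl/8.0" 5.034',
    '203.0.113.4 - - [18/Feb/2026:10:00:09 +0000] "GET /listing/?id=9 HTTP/1.1" 200 900 "-" "Mozilla/5.0" 4.500',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Access logs normally omit POST bodies, so this covers only requests that carry the parameter in the query string.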

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2026-2576

Affected products

Business Directory Plugin – Easy Listing Directories