CVE-2025-68887

Name of the Vulnerable Software and Affected Versions WP-BusinessDirectory versions through 3.1.5

Description The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The vulnerability exists in the wp-businessdirectory component of the CMSJunkie WordPress Business Directory Plugins.

Recommendations Update WP-BusinessDirectory to a version newer than 3.1.5.