PT-2026-20329 · WordPress · Business Directory Plugin – Easy Listing Directories
Sein Linn
·
Published
2026-02-18
·
Updated
2026-02-23
·
CVE-2026-2576
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Business Directory Plugin – Easy Listing Directories for WordPress versions prior to 6.4.3
Description
The Business Directory Plugin – Easy Listing Directories for WordPress is susceptible to time-based SQL Injection. This is due to inadequate escaping of user-supplied input and insufficient preparation of existing SQL queries. The
payment parameter is the entry point for this issue, potentially allowing unauthenticated attackers to inject additional SQL queries to extract sensitive information from the database.Recommendations
Update to version 6.4.3 or later. As a temporary workaround, restrict access to the
payment parameter.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Business Directory Plugin – Easy Listing Directories