Browse all 4 CVE security advisories affecting CMSJunkie - WordPress Business Directory Plugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CMSJunkie develops WordPress plugins for creating business directories, enabling users to list and manage business information. Historically, their plugins have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by four recorded CVEs. These flaws often stem from insufficient input validation and improper access controls. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in their codebase highlights ongoing security challenges that administrators should address promptly through updates and hardening measures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68887 | WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability — WP-BusinessDirectoryCWE-79 | 7.1 | High | 2026-01-08 |
| CVE-2025-24759 | WordPress WP-BusinessDirectory <= 3.1.5 - SQL Injection vulnerability — WP-BusinessDirectoryCWE-89 | 9.3 | Critical | 2025-07-16 |
| CVE-2025-32630 | WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP-BusinessDirectoryCWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2025-32629 | WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Arbitrary File Deletion vulnerability — WP-BusinessDirectoryCWE-22 | 8.6 | High | 2025-04-11 |
This page lists every published CVE security advisory associated with CMSJunkie - WordPress Business Directory Plugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.