CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13541 – aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
https://notcve.org/view.php?id=CVE-2024-13541
11 Feb 2025 — The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. • https://plugins.trac.wordpress.org/browser/adirectory/tags/1.3.4/inc/Frontend/Ajax.php#L115 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
24 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en aDirectory aDirectory permite cargar un Web Shell a un servidor web. Este problema afecta a aDirectory: desde n/a hasta 1.3. The aDirectory – Directory Listing WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing f... • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •