Business Directory Plugin Insecure Direct Object Reference Vulnerability Allowing Arbitrary Image Addition

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Business Directory Plugin – Easy Listing Directories for WordPress, affecting all versions through 6.4.14. The issue is in the 'ajax_listing_submit_image_upload' function, where inadequate validation of a user-controlled key enables unauthenticated attackers to upload arbitrary images to listings.

Impact

Exploitation of this vulnerability allows for unauthorized image uploads to WordPress listings, which could be misused to inject malicious content or disrupt the site's visual presentation.

Remediation

Users are advised to update the Business Directory Plugin to version 6.4.15 or later.
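
To confirm which sites still need the update, the following added example (not code from the advisory or the plugin) walks a web root and compares each installed copy against the fixed release 6.4.15. It assumes the plugin directory is named business-directory-plugin and that a top-level PHP file in it carries a standard WordPress "Version:" header.

```sh
#!/bin/sh
# Added example (not from the advisory or the plugin): report Business
# Directory Plugin installs below the fixed release named in the advisory.
# Assumptions: the plugin directory is "business-directory-plugin" and a
# top-level PHP file in it carries a standard WordPress "Version:" header.
FIXED_VERSION="6.4.15"                        # first fixed release (advisory)
PLUGIN_DIR_NAME="business-directory-plugin"   # assumed directory name

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        xa=${va%%.*} xb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        xa=${xa%%[!0-9]*} xb=${xb%%[!0-9]*}   # drop suffixes such as "-beta"
        [ "${xa:-0}" -lt "${xb:-0}" ] && return 0
        [ "${xa:-0}" -gt "${xb:-0}" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# plugin_version DIR: print the first Version header found in DIR/*.php.
plugin_version() {
    grep -hiE '^[[:space:]*#@]*Version:' "$1"/*.php 2>/dev/null |
        head -n 1 | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# audit_root ROOT: print one line per install; return 1 if any is vulnerable.
audit_root() {
    report=$(find "$1" -type d -path "*/wp-content/plugins/$PLUGIN_DIR_NAME" 2>/dev/null |
        while IFS= read -r dir; do
            ver=$(plugin_version "$dir")
            if [ -z "$ver" ]; then echo "UNKNOWN - $dir"
            elif version_lt "$ver" "$FIXED_VERSION"; then echo "VULNERABLE $ver $dir"
            else echo "OK $ver $dir"
            fi
        done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^VULNERABLE '; then return 1; fi
    return 0
}

# Usage: sh audit.sh /var/www   (the web root path is only an example)
if [ "$#" -gt 0 ]; then audit_root "$1"; fi
```

The non-zero exit status when any vulnerable copy is found lets the check gate a deployment or feed a monitoring job.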

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 7.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.