GeoDirectory – WP Business Directory Plugin and Classified Listings Directory

Vulnerabilities 19Slug geodirectoryLatest version 2.8.160WordPress.org →

Minimum safe version

2.8.154

Update to 2.8.154 or later to address 19 fixable vulnerabilities

Latest available2.8.160
Medium 5.9
2025-07-11< 2.8.120

GeoDirectory <= 2.8.119 - Authenticated (Contributor+) Stored Cross-Site Scripting

EUVDWordfenceCVE
N/A
2026-04-13< 2.8.154

GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.152 - Unauthenticated SQL Injection

WordfenceCVE
Medium 4.3
2026-01-23< 2.8.150

CVE-2026-24549

CVEWordfence
Medium 4.3
2025-11-12< 2.8.140

CVE-2025-12833

CVEWordfence
Medium 6.5
2025-12-30< 2.3.85

WordPress GeoDirectory Plugin <= 2.3.84 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWordfence
N/A
< 2.3.29

GeoDirectory &lt; 2.3.29 - Authenticated (Administrator+) SQL Injection via orderby

WPScan
N/A
2023-10-18< 2.3.29

GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby

Wordfence
N/A
2022-12-21< 2.2.20

WordPress GeoDirectory Plugin <= 2.2.19 is vulnerable to CSV Injection

Patchstack
N/A
2022-12-20< 2.2.20

GeoDirectory <= 2.2.19 - CSV Injection

Wordfence