What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Path Traversal.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.2.
Explanation of Vulnerability in Simple Terms
02Summary
WP-BusinessDirectory versions 3.1.2 and earlier contain a path traversal vulnerability that allows unauthenticated attackers to cause the site to become unavailable. The vulnerability requires no user interaction and can be exploited over the network. Sites running affected versions should update immediately to version 4.0.2 or later.
What an attacker can do
03Attacker Capabilities
Make the site unavailable by exploiting a path traversal flaw to access or manipulate files outside intended directories.
Potential impact on your site
04Site Impact
Your site could go offline or become unstable without warning. Visitors cannot access your site until you patch the plugin.
Conditions required to exploit
05Prerequisites
None. The attacker needs only network access; no authentication or user interaction required.
Key dates
06Disclosure timeline
April 11, 2025
CVE published
April 28, 2026
Record updated