Simple Business Directory Pro
Monthly
SQL injection in QuantumCloud's Simple Business Directory Pro WordPress plugin (all versions through 15.9.4) allows remote attackers to inject crafted SQL into backend database queries, enabling extraction of sensitive data such as user credentials and stored directory records. Patchstack rates it critical (CVSS 9.3) with a network attack vector and no authentication indicated in the supplied vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high score and scope-change flag make it a priority for any site running this plugin.
SQL injection in QuantumCloud's Simple Business Directory Pro WordPress plugin (all versions through 15.9.4) allows remote attackers to inject crafted SQL into backend database queries, enabling extraction of sensitive data such as user credentials and stored directory records. Patchstack rates it critical (CVSS 9.3) with a network attack vector and no authentication indicated in the supplied vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high score and scope-change flag make it a priority for any site running this plugin.