Skip to main content

Simple Business Directory Pro

1 CVEs product

Monthly

CVE-2026-57707 CRITICAL Act Now

SQL injection in QuantumCloud's Simple Business Directory Pro WordPress plugin (all versions through 15.9.4) allows remote attackers to inject crafted SQL into backend database queries, enabling extraction of sensitive data such as user credentials and stored directory records. Patchstack rates it critical (CVSS 9.3) with a network attack vector and no authentication indicated in the supplied vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high score and scope-change flag make it a priority for any site running this plugin.

SQLi Simple Business Directory Pro
NVD
CVSS 3.1
9.3
EPSS
0.4%
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in QuantumCloud's Simple Business Directory Pro WordPress plugin (all versions through 15.9.4) allows remote attackers to inject crafted SQL into backend database queries, enabling extraction of sensitive data such as user credentials and stored directory records. Patchstack rates it critical (CVSS 9.3) with a network attack vector and no authentication indicated in the supplied vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high score and scope-change flag make it a priority for any site running this plugin.

SQLi Simple Business Directory Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy