Unauthenticated Cross Site Scripting Vulnerability in Business Directory Plugin by WordPress
CVE-2026-57326

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Business Directory
Vendor
CVE Published:
29 June 2026

What is CVE-2026-57326?

A vulnerability exists in the Business Directory Plugin for WordPress that allows unauthenticated users to exploit Cross Site Scripting (XSS) issues. This can enable attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive data or gaining unauthorized access to user sessions.

Affected Version(s)

Business Directory <= 6.4.22

References

https://patchstack.com/database/wordpress/plugin/business...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xManticore | Patchstack Bug Bounty Program
.