WP-Safety

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Security & Risk Analysis

wordpress.org/plugins/adirectory

aDirectory is a lightweight, scalable, fast WordPress directory plugin for building any type of directories, classifieds, and job boards websites.

500 active installs v3.1.3 PHP 7.4+ WP 6.0+ Updated Mar 15, 2026
business-directoryclassified-adsdirectory-listingdirectory-pluginlisting
89
A · Safe
CVEs total4
Unpatched0
Last CVEJan 27, 2026
Plugin page Download
Safety Verdict

Is aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Safe to Use in 2026?

Generally Safe

Score 89/100

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jan 27, 2026Updated 19d ago
Risk Assessment

The "adirectory" v3.1.3 plugin exhibits a mixed security posture. While it demonstrates good practices in several areas, such as the exclusive use of prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns remain. The presence of 46 AJAX handlers, with two lacking authentication checks, presents a direct attack vector for unauthorized actions. Furthermore, the taint analysis, though reporting no critical or high severity flows, identified five flows with unsanitized paths, indicating potential for path traversal or information disclosure vulnerabilities. The plugin's vulnerability history is a major red flag. With four known CVEs, including one critical and one high severity vulnerability, and a history of common vulnerability types like missing authorization and unrestricted file uploads, it suggests a pattern of recurring security weaknesses. Although there are currently no unpatched vulnerabilities, the historical data indicates a recurring need for diligent patching and a potential underlying architectural fragility. The last reported vulnerability date is in the future, which might be a data anomaly, but the overall history points to a plugin that has struggled with robust security implementations in the past. In conclusion, while "adirectory" v3.1.3 has strengths in data handling and output sanitization, the unprotected entry points, potential for unsanitized paths, and significant historical vulnerability pattern necessitate a cautious approach and diligent monitoring.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Previous critical CVEs
  • Previous high severity CVEs
  • Common vulnerability types (Missing Auth, Upload)
Vulnerabilities
4

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
2 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
2

4 total CVEs

CVE-2025-67975medium · 4.3Missing Authorization

aDirectory <= 3.0.3 - Missing Authorization

Jan 27, 2026 Patched in 3.0.4 (7d)
CVE-2024-13541medium · 4.3Missing Authorization

aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

Feb 11, 2025 Patched in 2.3.5 (1d)
WF-a5c7a019-953f-441e-b4d5-26f406f9853d-adirectoryhigh · 7.5Deserialization of Untrusted Data

aDirectory – WordPress Directory Listing Plugin <= 1.6.5 - Unauthenticated PHP Object Injection

Jan 20, 2025 Patched in 1.9 (1d)
CVE-2024-50420critical · 9.8Unrestricted Upload of File with Dangerous Type

aDirectory <= 1.3 - Unauthenticated Arbitrary File Upload

Oct 24, 2024 Patched in 1.3.1 (7d)
Code Analysis
Analyzed Mar 16, 2026

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
35 prepared
Unescaped Output
372
2737 escaped
Nonce Checks
53
Capability Checks
20
File Operations
19
External Requests
5
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

100% prepared35 total queries

Output Escaping

88% escaped3109 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

25 flows5 with unsanitized paths
import_directory (inc\Admin\Ajax\Ajax_Listing.php:31)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Attack Surface

Entry Points54
Unprotected2

AJAX Handlers 46

authwp_ajax_adqs_get_dir_mapped_toinc\Admin\Importer\AdImportExport.php:14
authwp_ajax_adqs_upload_import_listinc\Admin\Importer\AdImportExport.php:15
authwp_ajax_adqs_export_listingsinc\Admin\Importer\AdImportExport.php:16
authwp_ajax_adqs_get_directory_post_typeinc\Admin\Importer\AdImportExport.php:17
authwp_ajax_adqs_dismiss_demo_import_noticeinc\Admin\Notice.php:23
authwp_ajax_adqs_dismiss_migration_noticeinc\Admin\Notice.php:24
authwp_ajax_adqs_dismiss_black_friday_noticeinc\Admin\Notice.php:25
authwp_ajax_adqs_add_feature_imageinc\Database\Custom_Metabox\Directory_Type_Frontend.php:38
noprivwp_ajax_adqs_add_feature_imageinc\Database\Custom_Metabox\Directory_Type_Frontend.php:39
authwp_ajax_adqs_add_slider_imagesinc\Database\Custom_Metabox\Directory_Type_Frontend.php:40
noprivwp_ajax_adqs_add_slider_imagesinc\Database\Custom_Metabox\Directory_Type_Frontend.php:41
authwp_ajax_adqs_ajaxlistingreviewinc\Frontend\Ajax.php:42
noprivwp_ajax_adqs_ajaxlistingreviewinc\Frontend\Ajax.php:44
authwp_ajax_adqs_ajaxlistingreview_moreinc\Frontend\Ajax.php:47
noprivwp_ajax_adqs_ajaxlistingreview_moreinc\Frontend\Ajax.php:49
authwp_ajax_adqs_ajaxlisting_contact_ownerinc\Frontend\Ajax.php:52
noprivwp_ajax_adqs_ajaxlisting_contact_ownerinc\Frontend\Ajax.php:55
authwp_ajax_adqs_ajax_review_replyinc\Frontend\Ajax.php:58
noprivwp_ajax_adqs_ajax_review_replyinc\Frontend\Ajax.php:59
authwp_ajax_adqs_user_dash_get_listingsinc\Frontend\Ajax.php:63
authwp_ajax_adqs_get_directory_typesinc\Frontend\Ajax.php:64
noprivwp_ajax_adqs_user_dash_get_listingsinc\Frontend\Ajax.php:68
noprivwp_ajax_adqs_get_directory_typesinc\Frontend\Ajax.php:69
authwp_ajax_adqs_delete_listinginc\Frontend\Ajax.php:72
authwp_ajax_adqs_user_profile_updateinc\Frontend\Ajax.php:76
authwp_ajax_adqs_get_userdatainc\Frontend\Ajax.php:79
authwp_ajax_adqs_add_rmv_fav_listinginc\Frontend\Ajax.php:82
authwp_ajax_adqs_rmv_fav_listinginc\Frontend\Ajax.php:84
authwp_ajax_adqs_get_user_fav_listinc\Frontend\Ajax.php:87
authwp_ajax_adqs_user_dash_get_pricingPackageinc\Frontend\Ajax.php:90
noprivwp_ajax_adqs_user_dash_get_pricingPackageinc\Frontend\Ajax.php:94
authwp_ajax_adqs_tax_filtersinc\Frontend\Ajax.php:97
noprivwp_ajax_adqs_tax_filtersinc\Frontend\Ajax.php:98
authwp_ajax_adqs_filters_listingsinc\Frontend\Ajax.php:101
noprivwp_ajax_adqs_filters_listingsinc\Frontend\Ajax.php:102
authwp_ajax_adqs_mapview_filters_listingsinc\Frontend\Ajax.php:103
noprivwp_ajax_adqs_mapview_filters_listingsinc\Frontend\Ajax.php:104
authwp_ajax_adqs_change_taxonomyinc\Frontend\Ajax.php:107
noprivwp_ajax_adqs_change_taxonomyinc\Frontend\Ajax.php:108
authwp_ajax_adqs_change_filters_custom_fieldsinc\Frontend\Ajax.php:111
noprivwp_ajax_adqs_change_filters_custom_fieldsinc\Frontend\Ajax.php:112
authwp_ajax_adqs_agents_filtersinc\Frontend\Ajax.php:115
noprivwp_ajax_adqs_agents_filtersinc\Frontend\Ajax.php:116
authwp_ajax_delete-commentinc\Frontend\Traits\Customize\Listing_Review.php:54
authwp_ajax_adirectory_setup_saveinc\OnboardingWizard.php:20
authwp_ajax_adirectory_setup_importinc\OnboardingWizard.php:21

Shortcodes 8

[adqs_add_listing] inc\Database\Custom_Metabox\Directory_Type_Frontend.php:43
[adqs_listings] inc\Frontend\Shortcode.php:58
[adqs_taxonomies] inc\Frontend\Shortcode.php:59
[adqs_search] inc\Frontend\Shortcode.php:60
[adqs_social_share] inc\Frontend\Shortcode.php:61
[adqs_dashboard] inc\Frontend\Shortcode.php:62
[adqs_agents] inc\Frontend\Shortcode.php:64
[adqs_user_log_regi] inc\Frontend\Shortcode.php:66
WordPress Hooks 133
actionelementor/elements/categories_registeredinc\Addons\ElementorAddon.php:22
actionelementor/editor/after_enqueue_scriptsinc\Addons\ElementorAddon.php:25
actionelementor/widgets/widgets_registeredinc\Addons\ElementorAddon.php:31
actionadmin_enqueue_scriptsinc\Admin\Assets.php:19
filteruser_contactmethodsinc\Admin\Customize.php:24
actionadmin_headinc\Admin\Customize.php:27
actionadmin_footerinc\Admin\Customize.php:29
filterdisplay_post_statesinc\Admin\Customize.php:31
filterupload_dirinc\Admin\Importer\AdCsvHelper.php:116
filterwp_unique_filenameinc\Admin\Importer\AdCsvHelper.php:117
filterwp_handle_upload_overridesinc\Admin\Importer\AdCsvHelper.php:118
filterwp_handle_upload_prefilterinc\Admin\Importer\AdCsvHelper.php:119
actionadmin_menuinc\Admin\Importer\AdImportExport.php:11
actionadmin_initinc\Admin\Importer\AdImportExport.php:12
actionadmin_enqueue_scriptsinc\Admin\Importer\AdImportExport.php:13
actionadmin_noticesinc\Admin\Importer\AdImportExport.php:637
actionadmin_headinc\Admin\Importer\AdImportExport.php:684
actionadmin_menuinc\Admin\Menu.php:21
actionall_admin_noticesinc\Admin\Menu.php:22
filterparent_fileinc\Admin\Menu.php:23
filtersubmenu_fileinc\Admin\Menu.php:24
actionadmin_menuinc\Admin\Menu.php:25
actionadmin_enqueue_scriptsinc\Admin\Menu.php:27
actionadmin_noticesinc\Admin\Notice.php:20
actionadmin_noticesinc\Admin\Notice.php:21
actionadmin_enqueue_scriptsinc\Admin\Notice.php:22
actioninitinc\CookiesHandler.php:36
actionsave_postinc\Database\Base\Custom_Metabox.php:29
actioninitinc\Database\Base\Custom_Posts.php:24
actioninitinc\Database\Base\Custom_Taxonomy.php:24
actionadmin_enqueue_scriptsinc\Database\Custom_Metabox\Directory_Type.php:31
actionadd_meta_boxesinc\Database\Custom_Metabox\Directory_Type.php:34
actionsave_postinc\Database\Custom_Metabox\Directory_Type.php:38
actionquick_edit_custom_boxinc\Database\Custom_Metabox\Directory_Type.php:41
actioncreated_adqs_locationinc\Database\Custom_Metabox\Directory_Type.php:44
actioncreated_adqs_categoryinc\Database\Custom_Metabox\Directory_Type.php:45
actionsave_postinc\Database\Custom_Metabox\Directory_Type.php:440
actionsave_postinc\Database\Custom_Metabox\Directory_Type.php:477
actionsave_postinc\Database\Custom_Metabox\Directory_Type.php:488
actionadmin_enqueue_scriptsinc\Database\Custom_Metabox\Directory_Type_Frontend.php:36
actioninitinc\Database\Custom_Posts\Directory.php:33
actioninitinc\Database\Custom_Posts\Directory.php:34
actioninitinc\Database\Custom_Posts\Directory.php:35
actionadmin_initinc\Database\Custom_Posts\Directory.php:36
filterdisplay_post_statesinc\Database\Custom_Posts\Directory.php:37
filteradmin_bar_post_typesinc\Database\Custom_Posts\Directory.php:134
actionwidgets_initinc\Database\Custom_Widgets\Register_Widgets.php:20
actionadmin_enqueue_scriptsinc\Database\Traits\Taxonomy_Fields\Taxonomy_Directory.php:24
actionset_object_termsinc\Database\Traits\Taxonomy_Fields\Taxonomy_Directory.php:26
actionpre_get_termsinc\Database\Traits\Taxonomy_Fields\Taxonomy_Directory.php:27
actionadmin_enqueue_scriptsinc\Database\Traits\Taxonomy_Fields\Taxonomy_Icon.php:22
actionadmin_enqueue_scriptsinc\Database\Traits\Taxonomy_Fields\Taxonomy_Upload.php:22
actionadmin_footerinc\Database\Traits\Taxonomy_Fields\Taxonomy_Upload.php:23
actionphpmailer_initinc\EmailSender.php:10
actionwp_loadedinc\Formhandler.php:22
actionadqs_regi_login_errorinc\Formhandler.php:191
actionadqs_regi_login_errorinc\Formhandler.php:201
actionwp_enqueue_scriptsinc\Frontend\Assets.php:24
actionpre_get_postsinc\Frontend\Customize.php:41
actionwpinc\Frontend\Customize.php:44
filterget_avatarinc\Frontend\Customize.php:49
actionadqs_tax_listsinc\Frontend\Customize.php:51
actionadqs_ad_search_taxinc\Frontend\Customize.php:52
actionwp_headinc\Frontend\Customize.php:54
actionpre_user_queryinc\Frontend\Customize.php:56
filtertemplate_includeinc\Frontend\TemplateLoader.php:24
filtergenerate_rewrite_rulesinc\Frontend\TemplateLoader.php:27
filtercomments_templateinc\Frontend\TemplateLoader.php:30
actionwpinc\Frontend\TemplateLoader.php:33
actionadmin_bar_menuinc\Frontend\TemplateLoader.php:36
actionadd_meta_boxes_commentinc\Frontend\Traits\Customize\Listing_Review.php:23
actionedit_commentinc\Frontend\Traits\Customize\Listing_Review.php:26
actioncomment_postinc\Frontend\Traits\Customize\Listing_Review.php:29
filterpreprocess_commentinc\Frontend\Traits\Customize\Listing_Review.php:32
filtercomments_openinc\Frontend\Traits\Customize\Listing_Review.php:35
filtermanage_edit-comments_columnsinc\Frontend\Traits\Customize\Listing_Review.php:39
actionmanage_comments_custom_columninc\Frontend\Traits\Customize\Listing_Review.php:40
filtercomment_row_actionsinc\Frontend\Traits\Customize\Listing_Review.php:41
filterget_comment_textinc\Frontend\Traits\Customize\Listing_Review.php:42
actionadmin_initinc\Frontend\Traits\Customize\Listing_Review.php:46
filtercomments_list_table_query_argsinc\Frontend\Traits\Customize\Listing_Review.php:48
actiondelete_commentinc\Frontend\Traits\Customize\Listing_Review.php:51
actionadmin_enqueue_scriptsinc\Frontend\Traits\Customize\Listing_Review.php:57
filteradqs_listing_query_filter_argsinc\functions\customize-filter.php:110
filteradqs_listing_query_ajax_filter_argsinc\functions\customize-filter.php:132
actionadqs_frontend_after_save_metabox_datainc\functions\expire-listings.php:494
actionadqs_after_save_metabox_datainc\functions\expire-listings.php:495
actioninitinc\functions\expire-listings.php:801
actionadqs_daily_expire_listingsinc\functions\expire-listings.php:1055
actioninitinc\functions\expire-listings.php:1548
actionadqs_weekly_cleanup_snapshotsinc\functions\expire-listings.php:1553
actionadqs_after_advanced_top_filterinc\functions\filter-query.php:508
actionadqs_ajax_custom_filter_fieldsinc\functions\filter-query.php:509
actionadqs_listing_expiredinc\functions\template-functions.php:592
actiontemplate_redirectinc\functions\template-functions.php:758
actionadqs_before_main_contentinc\functions\template-hooks.php:22
actionadqs_after_main_contentinc\functions\template-hooks.php:23
actionadqs_single_listing_elementsinc\functions\template-hooks.php:38
actionadqs_single_listing_elementsinc\functions\template-hooks.php:39
actionadqs_single_listing_elementsinc\functions\template-hooks.php:40
actionadqs_single_listing_detailsinc\functions\template-hooks.php:41
actionadqs_single_listing_detailsinc\functions\template-hooks.php:42
actionadqs_single_listing_detailsinc\functions\template-hooks.php:43
actionadqs_single_listing_detailsinc\functions\template-hooks.php:44
actionadqs_single_listing_detailsinc\functions\template-hooks.php:45
actionadqs_grid_thumnail_btn_groupinc\functions\template-hooks.php:53
actionadqs_grid_badges_btn_groupinc\functions\template-hooks.php:54
actionadqs_after_new_registrationinc\functions\template-hooks.php:57
actionadqs_after_new_registrationinc\functions\template-hooks.php:58
actionadqs_new_listing_submittedinc\functions\template-hooks.php:59
actionadqs_new_listing_submittedinc\functions\template-hooks.php:60
actionpost_updatedinc\functions\template-hooks.php:61
actiontransition_post_statusinc\functions\template-hooks.php:62
actionadqs_order_change_cancelled_mail_to_userinc\functions\template-hooks.php:63
actionadqs_order_change_failed_mail_to_userinc\functions\template-hooks.php:64
actionadqs_order_change_pending_mail_to_userinc\functions\template-hooks.php:65
actionadqs_order_created_mail_to_bothinc\functions\template-hooks.php:66
actionadqs_order_completed_mail_to_bothinc\functions\template-hooks.php:67
actionadqs_doc_submit_mail_to_admininc\functions\template-hooks.php:68
actionadqs_doc_verify_mail_to_userinc\functions\template-hooks.php:69
actionadqs_doc_reject_mail_to_userinc\functions\template-hooks.php:70
actionadqs_new_user_accountinc\functions\template-hooks.php:73
actionadqs_expire_listing_notificationinc\functions\template-hooks.php:74
filteradqs_common_listing_metadatainc\functions\template-hooks.php:77
filteradqs_helper_listing_metadatainc\functions\template-hooks.php:78
actionactivated_plugininc\Init.php:49
actiondoing_it_wrong_trigger_errorinc\Init.php:51
actionplugins_loadedinc\Init.php:52
actioninitinc\Init.php:53
actioninitinc\Init.php:54
actionadmin_enqueue_scriptsinc\OnboardingWizard.php:17
actionadmin_menuinc\OnboardingWizard.php:18
actionadmin_initinc\OnboardingWizard.php:19

Scheduled Events 2

adqs_daily_expire_listings
adqs_weekly_cleanup_snapshots
Maintenance & Trust

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version7.4
Downloads21K

Community Trust

Rating100/100
Number of ratings14
Active installs500
Alternatives

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Alternatives

Cleanup – Directory Listing & Classifieds WordPress Plugin

Cleanup – Directory Listing & Classifieds WordPress Plugin

cleanup-light

A
91

Manage directory listings from both the front-end and the WordPress admin panel. Fully responsive design with an intuitive AJAX-powered interface.

0 1 CVE
Directorist: AI-Powered Business Directory, Listings & Classified Ads

Directorist: AI-Powered Business Directory, Listings & Classified Ads

directorist

D
39

Build any type of directory website such as a business directory, job directory, classifieds directory, and more with this WordPress directory plugin.

20K 2 unpatched
Business Directory Plugin – Easy Listing Directories for WordPress

Business Directory Plugin – Easy Listing Directories for WordPress

business-directory-plugin

B
82

The easy Business Directory Plugin for WordPress. Build an easy team directory, member directory, staff directory, church directory, and more.

10K 16 CVEs
Classified Listing – AI-Powered Classified ads & Business Directory Plugin

Classified Listing – AI-Powered Classified ads & Business Directory Plugin

classified-listing

A
88

A Classified ads and Business Directory plugin for WordPress, to create classified listing, real estate directory, local business directory, and more.

10K 15 CVEs
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory

GeoDirectory – WP Business Directory Plugin and Classified Listings Directory

geodirectory

B
82

A superb WordPress Business Directory plugin to create a local business directory, classified ads directory, or job listings board.

10K 16 CVEs
Developer Profile

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory Developer Profile

aDirectory

2 plugins · 520 total installs

97
trust score
Avg Security Score
95/100
Avg Patch Time
4 days
View full developer profile
Detection Fingerprints

How We Detect aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/adirectory/assets/admin/css/elemntor-editor.css/wp-content/plugins/adirectory/assets/admin/css/admin-dashboard.css/wp-content/plugins/adirectory/assets/admin/css/dashboard-settings.css/wp-content/plugins/adirectory/assets/admin/css/react-toast.css/wp-content/plugins/adirectory/assets/admin/css/tailwind-default.css/wp-content/plugins/adirectory/assets/admin/css/fontawesome-all.min.css/wp-content/plugins/adirectory/assets/admin/css/admin.main.css/wp-content/plugins/adirectory/assets/admin/css/admin-comments.css+2 more
Script Paths
/wp-content/plugins/adirectory/build/directorybuilder/directorybuilder.js
Version Parameters
adirectory/assets/admin/css/elemntor-editor.css?ver=adirectory/assets/admin/css/admin-dashboard.css?ver=adirectory/assets/admin/css/dashboard-settings.css?ver=adirectory/assets/admin/css/react-toast.css?ver=adirectory/assets/admin/css/tailwind-default.css?ver=adirectory/assets/admin/css/fontawesome-all.min.css?ver=adirectory/assets/admin/css/admin.main.css?ver=adirectory/assets/admin/css/admin-comments.css?ver=adirectory/assets/admin/js/admin-main.js?ver=adirectory/assets/admin/js/multichecbox-dropdown.js?ver=adirectory/build/directorybuilder/directorybuilder.js?ver=

HTML / DOM Fingerprints

CSS Classes
adqs-categoryadqs-directory-builder
Data Attributes
data-nonce="adqs___directory_admin"
JS Globals
qsdObj
REST Endpoints
/wp-json/adqs-directory/v1/import/wp-json/adqs-directory/v1/export
FAQ

Frequently Asked Questions about aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory