Does DirectoryPress Frontend have any unpatched vulnerabilities?

No. All known vulnerabilities in DirectoryPress Frontend have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DirectoryPress Frontend compatible with WordPress 6.8.5?

According to WordPress.org data, DirectoryPress Frontend 2.8.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is DirectoryPress Frontend updated?

DirectoryPress Frontend was last updated on Jul 21, 2025. Frequent updates are generally a positive security signal.

What is DirectoryPress Frontend's security score?

DirectoryPress Frontend has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DirectoryPress Frontend Security & Risk Analysis

wordpress.org/plugins/directorypress-frontend

This plugin provides frontend listing functionality for [DirectoryPress - Directory Listing Plugin](https://designinvento.

1K active installs v2.8.4 PHP + WP 6.0+ Updated Jul 21, 2025

business-directorycar-dealerclassifieddirectoriesdirectory-listing

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 14, 2025

Plugin page Download

Safety Verdict

Is DirectoryPress Frontend Safe to Use in 2026?

Generally Safe

Score 99/100

DirectoryPress Frontend has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 14, 2025Updated 8mo ago

Risk Assessment

The "directorypress-frontend" v2.8.4 plugin exhibits a mixed security posture. While it shows a significant number of output escaping checks and has no identified critical or high severity vulnerabilities currently, several areas raise concerns. The substantial number of AJAX handlers without authentication checks (48 out of 108) presents a considerable attack surface that could be exploited by unauthenticated users if proper authorization is not implemented at the application level.

The static analysis also reveals that 100% of its SQL queries are not using prepared statements, which is a significant risk for SQL injection vulnerabilities, even though no critical or high severity taint flows were found. The presence of unsanitized paths in 10 out of 18 analyzed flows, while not flagged as critical or high severity, warrants careful investigation as it could lead to path traversal or other file system related vulnerabilities.

The plugin's vulnerability history shows one medium severity CVE related to Cross-Site Request Forgery (CSRF), indicating past security weaknesses. Although this vulnerability is currently patched, the pattern of past issues combined with the identified weaknesses in the current version suggests a need for ongoing vigilance. Overall, the plugin has strengths in output escaping but significant weaknesses in authentication for its AJAX endpoints and in its handling of SQL queries and file paths that require attention.

Key Concerns

High number of AJAX handlers without auth checks
100% of SQL queries unescaped
Taint flows with unsanitized paths
Medium severity CVE history

Vulnerabilities

DirectoryPress Frontend Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-10581medium · 4.3Cross-Site Request Forgery (CSRF)

DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update

Feb 14, 2025 Patched in 2.8.0 (1d)

Code Analysis

Analyzed Mar 16, 2026

DirectoryPress Frontend Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

270

732 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared12 total queries

Output Escaping

73% escaped1002 total outputs

Data Flows

10 unsanitized

Data Flow Analysis

18 flows10 with unsanitized paths

init (includes\directorypress_class_panel.php:19)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

48 unprotected

DirectoryPress Frontend Attack Surface

Entry Points114

Unprotected48

AJAX Handlers 108

authwp_ajax_init_listingsincludes\general-function.php:230

noprivwp_ajax_init_listingsincludes\general-function.php:231

authwp_ajax_dpfl_AdminNote_htmlincludes\listing-functions.php:27

noprivwp_ajax_dpfl_AdminNote_htmlincludes\listing-functions.php:28

authwp_ajax_dpfl_AdminNoteincludes\listing-functions.php:55

noprivwp_ajax_dpfl_AdminNoteincludes\listing-functions.php:56

authwp_ajax_dpfl_deleteListing_htmlincludes\listing-functions.php:72

noprivwp_ajax_dpfl_deleteListing_htmlincludes\listing-functions.php:73

authwp_ajax_dpfl_deleteListingincludes\listing-functions.php:105

noprivwp_ajax_dpfl_deleteListingincludes\listing-functions.php:106

authwp_ajax_dpfl_bumpUpListing_htmlincludes\listing-functions.php:122

noprivwp_ajax_dpfl_bumpUpListing_htmlincludes\listing-functions.php:123

authwp_ajax_dpfl_bumpUpListingincludes\listing-functions.php:158

noprivwp_ajax_dpfl_bumpUpListingincludes\listing-functions.php:159

authwp_ajax_dpfl_renewListing_htmlincludes\listing-functions.php:176

noprivwp_ajax_dpfl_renewListing_htmlincludes\listing-functions.php:177

authwp_ajax_dpfl_renewListingincludes\listing-functions.php:213

noprivwp_ajax_dpfl_renewListingincludes\listing-functions.php:214

authwp_ajax_dpfl_upgradeListing_htmlincludes\listing-functions.php:237

noprivwp_ajax_dpfl_upgradeListing_htmlincludes\listing-functions.php:238

authwp_ajax_dpfl_upgradeListingincludes\listing-functions.php:280

noprivwp_ajax_dpfl_upgradeListingincludes\listing-functions.php:281

authwp_ajax_dpfl_listingStatusChange_trigerincludes\listing-functions.php:312

noprivwp_ajax_dpfl_listingStatusChange_trigerincludes\listing-functions.php:313

authwp_ajax_dpfl_listingStatusChangeincludes\listing-functions.php:344

noprivwp_ajax_dpfl_listingStatusChangeincludes\listing-functions.php:345

authwp_ajax_directorypress_listing_peformanceincludes\listing-functions.php:361

noprivwp_ajax_directorypress_listing_peformanceincludes\listing-functions.php:362

authwp_ajax_dpfl_listingtrans_htmlincludes\listing-functions.php:511

noprivwp_ajax_dpfl_listingtrans_htmlincludes\listing-functions.php:512

authwp_ajax_dpfl_new_listng_submitincludes\listing-functions.php:598

noprivwp_ajax_dpfl_new_listng_submitincludes\listing-functions.php:599

authwp_ajax_dpfl_updatListingDataincludes\listing-functions.php:637

noprivwp_ajax_dpfl_updatListingDataincludes\listing-functions.php:638

authwp_ajax_dpfl_ProfileUpdateincludes\profile-functions.php:78

noprivwp_ajax_dpfl_ProfileUpdateincludes\profile-functions.php:79

authwp_ajax_dpfl_PasswordUpdateincludes\profile-functions.php:134

authwp_ajax_dpfl_PasswordUpdateincludes\profile-functions.php:135

authwp_ajax_dpfl_profilePhotoincludes\profile-functions.php:188

noprivwp_ajax_dpfl_profilePhotoincludes\profile-functions.php:189

authwp_ajax_dpfl_removeProfilePhotoincludes\profile-functions.php:224

noprivwp_ajax_dpfl_removeProfilePhotoincludes\profile-functions.php:225

authwp_ajax_dpfl_user_email_verification_codeincludes\profile-functions.php:251

noprivwp_ajax_dpfl_user_email_verification_codeincludes\profile-functions.php:252

authwp_ajax_dpfl_user_email_verificationincludes\profile-functions.php:273

noprivwp_ajax_dpfl_user_email_verificationincludes\profile-functions.php:274

authwp_ajax_dpfl_user_phone_verification_codeincludes\profile-functions.php:302

noprivwp_ajax_dpfl_user_phone_verification_codeincludes\profile-functions.php:303

authwp_ajax_dpfl_user_phone_verificationincludes\profile-functions.php:323

noprivwp_ajax_dpfl_user_phone_verificationincludes\profile-functions.php:324

authwp_ajax_dpfl_user_verification_html_ajaxincludes\profile-functions.php:415

noprivwp_ajax_dpfl_user_verification_html_ajaxincludes\profile-functions.php:416

authwp_ajax_dpfl_closeUserAccountincludes\profile-functions.php:524

authwp_ajax_dpfl_closeUserAccountincludes\profile-functions.php:525

authwp_ajax_init_listingstrunk\includes\general-function.php:230

noprivwp_ajax_init_listingstrunk\includes\general-function.php:231

authwp_ajax_dpfl_AdminNote_htmltrunk\includes\listing-functions.php:27

noprivwp_ajax_dpfl_AdminNote_htmltrunk\includes\listing-functions.php:28

authwp_ajax_dpfl_AdminNotetrunk\includes\listing-functions.php:55

noprivwp_ajax_dpfl_AdminNotetrunk\includes\listing-functions.php:56

authwp_ajax_dpfl_deleteListing_htmltrunk\includes\listing-functions.php:72

noprivwp_ajax_dpfl_deleteListing_htmltrunk\includes\listing-functions.php:73

authwp_ajax_dpfl_deleteListingtrunk\includes\listing-functions.php:105

noprivwp_ajax_dpfl_deleteListingtrunk\includes\listing-functions.php:106

authwp_ajax_dpfl_bumpUpListing_htmltrunk\includes\listing-functions.php:122

noprivwp_ajax_dpfl_bumpUpListing_htmltrunk\includes\listing-functions.php:123

authwp_ajax_dpfl_bumpUpListingtrunk\includes\listing-functions.php:158

noprivwp_ajax_dpfl_bumpUpListingtrunk\includes\listing-functions.php:159

authwp_ajax_dpfl_renewListing_htmltrunk\includes\listing-functions.php:176

noprivwp_ajax_dpfl_renewListing_htmltrunk\includes\listing-functions.php:177

authwp_ajax_dpfl_renewListingtrunk\includes\listing-functions.php:213

noprivwp_ajax_dpfl_renewListingtrunk\includes\listing-functions.php:214

authwp_ajax_dpfl_upgradeListing_htmltrunk\includes\listing-functions.php:237

noprivwp_ajax_dpfl_upgradeListing_htmltrunk\includes\listing-functions.php:238

authwp_ajax_dpfl_upgradeListingtrunk\includes\listing-functions.php:280

noprivwp_ajax_dpfl_upgradeListingtrunk\includes\listing-functions.php:281

authwp_ajax_dpfl_listingStatusChange_trigertrunk\includes\listing-functions.php:312

noprivwp_ajax_dpfl_listingStatusChange_trigertrunk\includes\listing-functions.php:313

authwp_ajax_dpfl_listingStatusChangetrunk\includes\listing-functions.php:344

noprivwp_ajax_dpfl_listingStatusChangetrunk\includes\listing-functions.php:345

authwp_ajax_directorypress_listing_peformancetrunk\includes\listing-functions.php:361

noprivwp_ajax_directorypress_listing_peformancetrunk\includes\listing-functions.php:362

authwp_ajax_dpfl_listingtrans_htmltrunk\includes\listing-functions.php:511

noprivwp_ajax_dpfl_listingtrans_htmltrunk\includes\listing-functions.php:512

authwp_ajax_dpfl_new_listng_submittrunk\includes\listing-functions.php:598

noprivwp_ajax_dpfl_new_listng_submittrunk\includes\listing-functions.php:599

authwp_ajax_dpfl_updatListingDatatrunk\includes\listing-functions.php:637

noprivwp_ajax_dpfl_updatListingDatatrunk\includes\listing-functions.php:638

authwp_ajax_dpfl_ProfileUpdatetrunk\includes\profile-functions.php:78

noprivwp_ajax_dpfl_ProfileUpdatetrunk\includes\profile-functions.php:79

authwp_ajax_dpfl_PasswordUpdatetrunk\includes\profile-functions.php:134

authwp_ajax_dpfl_PasswordUpdatetrunk\includes\profile-functions.php:135

authwp_ajax_dpfl_profilePhototrunk\includes\profile-functions.php:188

noprivwp_ajax_dpfl_profilePhototrunk\includes\profile-functions.php:189

authwp_ajax_dpfl_removeProfilePhototrunk\includes\profile-functions.php:224

noprivwp_ajax_dpfl_removeProfilePhototrunk\includes\profile-functions.php:225

authwp_ajax_dpfl_user_email_verification_codetrunk\includes\profile-functions.php:251

noprivwp_ajax_dpfl_user_email_verification_codetrunk\includes\profile-functions.php:252

authwp_ajax_dpfl_user_email_verificationtrunk\includes\profile-functions.php:273

noprivwp_ajax_dpfl_user_email_verificationtrunk\includes\profile-functions.php:274

authwp_ajax_dpfl_user_phone_verification_codetrunk\includes\profile-functions.php:302

noprivwp_ajax_dpfl_user_phone_verification_codetrunk\includes\profile-functions.php:303

authwp_ajax_dpfl_user_phone_verificationtrunk\includes\profile-functions.php:323

noprivwp_ajax_dpfl_user_phone_verificationtrunk\includes\profile-functions.php:324

authwp_ajax_dpfl_user_verification_html_ajaxtrunk\includes\profile-functions.php:415

noprivwp_ajax_dpfl_user_verification_html_ajaxtrunk\includes\profile-functions.php:416

authwp_ajax_dpfl_closeUserAccounttrunk\includes\profile-functions.php:524

authwp_ajax_dpfl_closeUserAccounttrunk\includes\profile-functions.php:525

Shortcodes 6

[directorypress-submit] includes\class-directorypress-frontend.php:92

[directorypress-dashboard] includes\class-directorypress-frontend.php:93

[directorypress-packages-table] includes\class-directorypress-frontend.php:94

[directorypress-submit] trunk\includes\class-directorypress-frontend.php:92

[directorypress-dashboard] trunk\includes\class-directorypress-frontend.php:93

[directorypress-packages-table] trunk\includes\class-directorypress-frontend.php:94

WordPress Hooks 74

actiondirectorypress_after_general_settingsadmin\class-directorypress-frontend-admin.php:13

actiondirectorypress_after_loadeddirectorypress-frontend.php:48

actioninitincludes\class-directorypress-frontend.php:53

actionadmin_enqueue_scriptsincludes\class-directorypress-frontend.php:61

actionadmin_enqueue_scriptsincludes\class-directorypress-frontend.php:62

actionwp_enqueue_scriptsincludes\class-directorypress-frontend.php:70

actionwp_enqueue_scriptsincludes\class-directorypress-frontend.php:71

actioninitincludes\class-directorypress-frontend.php:80

actiondirectorypress_version_upgradeincludes\class-directorypress-frontend.php:81

actionelementor/widgets/registerincludes\class-directorypress-frontend.php:82

actioninitincludes\class-directorypress-frontend.php:96

actioninitincludes\class-directorypress-frontend.php:97

filterdirectorypress_edit_post_urlincludes\class-directorypress-frontend.php:99

actiondirectorypress_userpanel_listing_buttonincludes\class-directorypress-frontend.php:101

actiondirectorypress_submit_button_dropdownincludes\class-directorypress-frontend.php:102

actioninitincludes\class-directorypress-frontend.php:104

actionadmin_initincludes\class-directorypress-frontend.php:106

actiontransition_post_statusincludes\class-directorypress-frontend.php:109

actiondirectorypress_post_status_on_activationincludes\class-directorypress-frontend.php:110

filterno_texturize_shortcodesincludes\class-directorypress-frontend.php:112

actiondpfl_render_templateincludes\class-directorypress-frontend.php:114

actionwp_enqueue_scriptsincludes\class-directorypress-frontend.php:116

filtershow_admin_barincludes\class-directorypress-frontend.php:344

filtershow_admin_barincludes\class-directorypress-frontend.php:347

actionwp_enqueue_scriptsincludes\directorypress_class_panel.php:400

actionwp_enqueue_scriptsincludes\directorypress_class_panel.php:405

actionwp_enqueue_scriptsincludes\directorypress_class_submit.php:482

actionwp_enqueue_scriptsincludes\directorypress_class_submit.php:486

filtertheme_page_templatesincludes\general-function.php:56

filtertemplate_includeincludes\general-function.php:66

filterwoocommerce_account_menu_itemsincludes\general-function.php:235

actionwp_footerincludes\listing-functions.php:535

actiondashboard_panel_htmlincludes\panel-functions.php:3

actiondpfl_user_verification_htmlincludes\profile-functions.php:377

actionwp_footerincludes\profile-functions.php:477

actionwp_footerincludes\profile-functions.php:555

actionvc_before_initincludes\vc_config.php:3

actiondirectorypress_after_general_settingstrunk\admin\class-directorypress-frontend-admin.php:13

actiondirectorypress_after_loadedtrunk\directorypress-frontend.php:48

actioninittrunk\includes\class-directorypress-frontend.php:53

actionadmin_enqueue_scriptstrunk\includes\class-directorypress-frontend.php:61

actionadmin_enqueue_scriptstrunk\includes\class-directorypress-frontend.php:62

actionwp_enqueue_scriptstrunk\includes\class-directorypress-frontend.php:70

actionwp_enqueue_scriptstrunk\includes\class-directorypress-frontend.php:71

actioninittrunk\includes\class-directorypress-frontend.php:80

actiondirectorypress_version_upgradetrunk\includes\class-directorypress-frontend.php:81

actionelementor/widgets/registertrunk\includes\class-directorypress-frontend.php:82

actioninittrunk\includes\class-directorypress-frontend.php:96

actioninittrunk\includes\class-directorypress-frontend.php:97

filterdirectorypress_edit_post_urltrunk\includes\class-directorypress-frontend.php:99

actiondirectorypress_userpanel_listing_buttontrunk\includes\class-directorypress-frontend.php:101

actiondirectorypress_submit_button_dropdowntrunk\includes\class-directorypress-frontend.php:102

actioninittrunk\includes\class-directorypress-frontend.php:104

actionadmin_inittrunk\includes\class-directorypress-frontend.php:106

actiontransition_post_statustrunk\includes\class-directorypress-frontend.php:109

actiondirectorypress_post_status_on_activationtrunk\includes\class-directorypress-frontend.php:110

filterno_texturize_shortcodestrunk\includes\class-directorypress-frontend.php:112

actiondpfl_render_templatetrunk\includes\class-directorypress-frontend.php:114

actionwp_enqueue_scriptstrunk\includes\class-directorypress-frontend.php:116

filtershow_admin_bartrunk\includes\class-directorypress-frontend.php:344

filtershow_admin_bartrunk\includes\class-directorypress-frontend.php:347

actionwp_enqueue_scriptstrunk\includes\directorypress_class_panel.php:400

actionwp_enqueue_scriptstrunk\includes\directorypress_class_panel.php:405

actionwp_enqueue_scriptstrunk\includes\directorypress_class_submit.php:482

actionwp_enqueue_scriptstrunk\includes\directorypress_class_submit.php:486

filtertheme_page_templatestrunk\includes\general-function.php:56

filtertemplate_includetrunk\includes\general-function.php:66

filterwoocommerce_account_menu_itemstrunk\includes\general-function.php:235

actionwp_footertrunk\includes\listing-functions.php:535

actiondashboard_panel_htmltrunk\includes\panel-functions.php:3

actiondpfl_user_verification_htmltrunk\includes\profile-functions.php:377

actionwp_footertrunk\includes\profile-functions.php:477

actionwp_footertrunk\includes\profile-functions.php:555

actionvc_before_inittrunk\includes\vc_config.php:3

Maintenance & Trust

DirectoryPress Frontend Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 21, 2025

PHP min version

Downloads25K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

DirectoryPress Frontend Alternatives

DirectoryPress – Business Directory And Classified Ad Listing

directorypress

DirectoryPress is most advanced and flexible directory listing plugin with wide range of features, You can build a business directory, classified list …

900 8 CVEs

aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory

adirectory

aDirectory is a lightweight, scalable, fast WordPress directory plugin for building any type of directories, classifieds, and job boards websites.

500 4 CVEs

Property – Real Estate Directory Listing

property

Easily manage real estate listings, property directories, and classified ads with a powerful, user-friendly, and SEO-optimized interface.

50 1 CVE

Directorist: AI-Powered Business Directory, Listings & Classified Ads

directorist

Build any type of directory website such as a business directory, job directory, classifieds directory, and more with this WordPress directory plugin.

20K 2 unpatched

Classified Listing – AI-Powered Classified ads & Business Directory Plugin

classified-listing

A Classified ads and Business Directory plugin for WordPress, to create classified listing, real estate directory, local business directory, and more.

10K 15 CVEs

Developer Profile

DirectoryPress Frontend Developer Profile

Designinvento

4 plugins · 4K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

63 days

View full developer profile

Detection Fingerprints

How We Detect DirectoryPress Frontend

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/directorypress-frontend/public/css/directorypress-frontend-public.css/wp-content/plugins/directorypress-frontend/admin/css/directorypress-frontend-admin.css/wp-content/plugins/directorypress-frontend/public/js/directorypress-frontend-public.js/wp-content/plugins/directorypress-frontend/admin/js/directorypress-frontend-admin.js

Script Paths

/wp-content/plugins/directorypress-frontend/public/js/directorypress-frontend-public.js/wp-content/plugins/directorypress-frontend/admin/js/directorypress-frontend-admin.js

Version Parameters

directorypress-frontend/public/css/directorypress-frontend-public.css?ver=directorypress-frontend/admin/css/directorypress-frontend-admin.css?ver=directorypress-frontend/public/js/directorypress-frontend-public.js?ver=directorypress-frontend/admin/js/directorypress-frontend-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

directorypress-frontend-submit-formdirectorypress-frontend-dashboarddirectorypress-packages-table

Data Attributes

data-directorypress-submitdata-directorypress-dashboarddata-directorypress-packages-table

JS Globals

directorypress_frontend_public_object

Shortcode Output

[directorypress-submit][directorypress-dashboard][directorypress-packages-table]

FAQ