WP-BusinessDirectory – Business directory plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/wp-businessdirectory

WP-BusinessDirectory is not just a simple business directory plugin, it is the most advanced business directory, classified ads directory, job listing …

40 active installs · v4.0.1 · PHP 7.4+ · WP 4.9+ · Updated Mar 10, 2026
Tags: business-directory, classifieds, directory, listings, membership
Score 61 · C · Use Caution
CVEs total: 4
Unpatched: 1
Last CVE: Dec 30, 2025

Safety Verdict

Is WP-BusinessDirectory – Business directory plugin for WordPress Safe to Use in 2026?

Use With Caution

Score 61/100

WP-BusinessDirectory – Business directory plugin for WordPress has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs · 1 unpatched · Last CVE: Dec 30, 2025 · Updated 25d ago

Risk Assessment

The wp-businessdirectory plugin version 4.0.1 presents a significant security risk due to a combination of poor coding practices, a history of critical vulnerabilities, and an exposed attack surface. While the use of prepared statements for SQL queries is a positive sign, this is heavily overshadowed by the extremely low percentage of properly escaped output (1%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The presence of unsanitized paths in all analyzed taint flows (12 out of 12) is a critical concern, particularly with 3 of these being rated as high severity. Furthermore, the single unprotected AJAX handler represents a direct entry point for attackers without any authentication or authorization checks. The plugin's vulnerability history, including a recent critical CVE and a pattern of SQL injection, XSS, and path traversal issues, suggests a persistent lack of security diligence. While the plugin exhibits some good practices like using prepared statements and capability checks, these are insufficient to mitigate the identified risks. The overall security posture is weak and requires immediate attention.

Key Concerns

  • Unpatched CVE (1 critical)
  • High severity taint flows (3)
  • Unprotected AJAX handler
  • Extremely low output escaping percentage
  • All taint flows have unsanitized paths
  • Dangerous function 'unserialize' used
  • Vulnerability history: SQL Injection, XSS, Path Traversal

Vulnerabilities: 4

WP-BusinessDirectory – Business directory plugin for WordPress Security Vulnerabilities

CVEs by Year

4 CVEs in 2025 · unpatched

Severity Breakdown

Critical: 1
High: 1
Medium: 2

4 total CVEs

CVE-2025-68887 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-BusinessDirectory <= 3.1.5 - Reflected Cross-Site Scripting

Dec 30, 2025 · Unpatched

CVE-2025-24759 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP-BusinessDirectory <= 3.1.4 - Unauthenticated SQL Injection

Jul 11, 2025 · Patched in 3.1.5 (230d)

CVE-2025-32630 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-BusinessDirectory <= 3.1.2 - Reflected Cross-Site Scripting

Apr 10, 2025 · Patched in 3.1.3 (16d)

CVE-2025-32629 · critical · 9.1 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

WP-BusinessDirectory <= 3.1.2 - Unauthenticated Arbitrary File Deletion

Apr 9, 2025 · Patched in 3.1.3 (17d)

Code Analysis
Analyzed Mar 16, 2026

WP-BusinessDirectory – Business directory plugin for WordPress Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 10484 (138 escaped)
Nonce Checks: 1
Capability Checks: 5
File Operations: 99
External Requests: 17
Bundled Libraries: 2

Dangerous Functions Found

unserialize · $this->{$k} = unserialize(serialize($v)); · includes\mvc\database\JDatabaseQuery.php:1490
unserialize · $this->{$k} = unserialize(serialize($v)); · includes\mvc\database\JDatabaseQueryElement.php:142
unserialize · list($this->executable, $this->args, $this->options, $this->data, $this->inputs) = unserialize($inpu · includes\mvc\input\Cli.php:104
unserialize · list($this->options, $this->data, $this->inputs) = unserialize($input); · includes\mvc\input\Input.php:203
unserialize · $this->data = unserialize($data); · includes\mvc\session\Session.php:683

Bundled Libraries

jQuery, TCPDF

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

1% escaped · 10622 total outputs

Data Flows: 12 unsanitized

Data Flow Analysis

12 flows · 12 with unsanitized paths
<utils> (site\helpers\utils.php:0)

Attack Surface: 1 unprotected

WP-BusinessDirectory – Business directory plugin for WordPress Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_wpbd_set_admin_notice_viewed · includes\admin.php:42

Shortcodes 1

[wpbd_widget] · includes\shortcodes.php:51

WordPress Hooks 31

action · admin_menu · includes\admin-menu.php:24
action · admin_notices · includes\admin.php:38
action · admin_notices · includes\admin.php:39
filter · admin_footer_text · includes\admin.php:40
filter · nav_menu_meta_box_object · includes\menu-items.php:22
filter · nav_menu_meta_box_object · includes\menu-items.php:29
filter · nav_menu_meta_box_object · includes\menu-items.php:36
filter · nav_menu_meta_box_object · includes\menu-items.php:44
filter · nav_menu_meta_box_object · includes\menu-items.php:52
action · shutdown · includes\notices.php:29
action · admin_print_styles · includes\notices.php:31
action · admin_notices · includes\notices.php:71
action · admin_init · includes\router.php:14
action · wp_loaded · includes\router.php:76
action · parse_query · includes\router.php:100
filter · routing_add_routes · includes\router.php:177
action · do_parse_request · includes\router.php:186
action · routing_matched_vars · includes\router.php:233
filter · pre_set_site_transient_update_plugins · includes\update.php:26
action · widgets_init · includes\widgets.php:230
action · admin_enqueue_scripts · includes\wp-actions.php:17
action · wp_enqueue_scripts · includes\wp-actions.php:65
action · businessdirectory_daily_event · includes\wp-actions.php:96
action · wp_print_styles · includes\wp-actions.php:103
action · admin_notices · site\classes\services\UserService.php:155
action · admin_notices · site\classes\services\UserService.php:212
action · admin_notices · site\classes\services\UserService.php:220
action · wp_head · site\jbusinessdirectory.php:61
action · admin_notices · wp-businessdirectory.php:92
action · admin_notices · wp-businessdirectory.php:94
action · plugins_loaded · wp-businessdirectory.php:175

Maintenance & Trust

WP-BusinessDirectory – Business directory plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 90/100
Number of ratings: 10
Active installs: 40

Developer Profile

WP-BusinessDirectory – Business directory plugin for WordPress Developer Profile

Trust score: 61
Avg Security Score: 61/100
Avg Patch Time: 88 days
Detection Fingerprints

How We Detect WP-BusinessDirectory – Business directory plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-businessdirectory/site/assets/css/style.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/bootstrap.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/magnific-popup.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/animate.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/owl.carousel.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/owl.theme.default.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/jquery-ui.css
/wp-content/plugins/wp-businessdirectory/site/assets/css/select2.min.css
+17 more

Version Parameters
wp-businessdirectory/site/assets/css/style.css?ver=
wp-businessdirectory/site/assets/js/jquery.min.js?ver=
wp-businessdirectory/admin/assets/js/jbd.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpbd-listings, wpbd-listing-detail, wpbd-search-form, bd-listing-item, bd-listing-title, bd-listing-address, bd-listing-phone, bd-listing-email, +17 more

HTML Comments
DENY DIRECT ACCESS TO THE FILE
Warning when the site doesn't have the minimum required PHP version.
Warning when the site doesn't have the minimum required WordPress version.
If a different version is detected than the previous installed version, the installation is run again.
+4 more

Data Attributes
data-plugin-name="WP-BusinessDirectory", data-plugin-version="4.0.1", data-listing-id, data-listing-slug, data-map-lat, data-map-lng, +9 more

JS Globals
WPBusinessDirectory, wpbd, jbdAdmin, jbdSite, jbdGlobal

REST Endpoints
/wp-json/wpbd/v1/listings
/wp-json/wpbd/v1/categories
/wp-json/wpbd/v1/search
/wp-json/wpbd/v1/favorites
/wp-json/wpbd/v1/reviews

Shortcode Output
[wpbd_listings] [wpbd_listing_detail] [wpbd_search_form] [wpbd_submit_listing]