Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Directory Kit — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in WP Directory Kit, with AI-generated Chinese analysis, references, and POCs.

Vendor: wpdirectorykit

CVE IDTitleCVSSSeverityPublished
CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action CWE-200 5.3 Medium2026-01-24
CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection CWE-89 7.5 High2025-12-13
CVE-2025-13390 WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover CWE-303 10.0 Critical2025-12-03
CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection CWE-89 4.9 Medium2025-12-02
CVE-2025-13525 WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter CWE-79 6.1 Medium2025-11-27
CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function CWE-89 7.5 High2025-11-21
CVE-2025-60120 WordPress WP Directory Kit plugin <= 1.4.0 - Broken Access Control vulnerability CWE-862 5.3 Medium2025-09-26
CVE-2023-41875 WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability CWE-862 5.3 Medium2024-12-13
CVE-2024-37487 WordPress WP Directory Kit plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-07-21
CVE-2024-37253 WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability CWE-74 2.7 Low2024-07-09
CVE-2024-3217 WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection CWE-89 8.8 High2024-04-05
CVE-2024-29774 WordPress WP Directory Kit plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-03-27
CVE-2023-31229 WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection CWE-601 4.7 Medium2023-12-29
CVE-2023-2279 WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display CWE-352 5.4 Medium2023-08-31
CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem CWE-352 6.1 Medium2023-06-13
CVE-2023-2278 WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action CWE-22 9.8 Critical2023-06-13
CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action CWE-862 6.5 Medium2023-06-13
CVE-2023-2280 WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action CWE-862 6.5 Medium2023-06-09
CVE-2023-2835 WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search' CWE-79 6.1 Medium2023-06-02

All 19 known CVE vulnerabilities affecting WP Directory Kit with full Chinese analysis, references, and POCs where available.